[sssd]
domains = LDAP
services = nss, pam
config_file_version = 2
debug_level = $(SSSD_DEBUG_LEVEL)

[domain/LDAP]
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
ldap_schema = $(LDAP_SCHEMA)
ldap_auth_disable_tls_never_use_in_production = $(LDAP_AUTH_DISABLE_TLS)
autofs_provider = ldap
access_provider = simple

ldap_uri = ldap://$(LDAP_URI)
ldap_default_bind_dn = cn=$(LDAP_BIND_USER),$(LDAP_DOMAIN_DC)
ldap_default_authtok = $(LDAP_BIND_PASSWORD)

ldap_search_base = $(LDAP_SEARCH_BASE)
ldap_user_search_base = $(LDAP_USER_SEARCH_BASE)
ldap_group_search_base = $(LDAP_GROUP_SEARCH_BASE)
ldap_user_password_attribute = $(LDAP_USER_PASSWORD_ATTRIBUTE)
ldap_user_object_class = $(LDAP_USER_OBJECT_CLASS)
ldap_user_name = $(LDAP_USER_NAME)
ldap_user_dn_attribute = $(LDAP_USER_DN_ATTRIBUTE)
ldap_group_object_class = $(LDAP_GROUP_OBJECTS_CLASS)
ldap_id_use_start_tls = $(LDAP_ID_USE_START_TLS)
ldap_auth_use_start_tls = $(LDAP_AUTH_USE_START_TLS)
ldap_tls_reqcert = $(LDAP_TLS_REQCERT)

simple_allow_groups = $(LDAP_SIMPLE_ALLOW_GROUPS)

enumerate = True
cache_credentials = True