[domain/skynet.ie] id_provider = ldap auth_provider = ldap sudo_provider = ldap ldap_uri = ldap://account.skynet.ie:389 ldap_search_base = dc=skynet,dc=ie # thank ye https://medium.com/techish-cloud/linux-user-ssh-authentication-with-sssd-ldap-without-joining-domain-9151396d967d ldap_user_search_base = ou=users,dc=skynet,dc=ie?sub?(|(skMemberOf=cn=skynet-admins-linux,ou=groups,dc=skynet,dc=ie)(skMemberOf=cn=skynet-trainees-linux,ou=groups,dc=skynet,dc=ie)) ldap_group_search_base = ou=groups,dc=skynet,dc=ie # using commas from https://support.hpe.com/hpesc/public/docDisplay?docId=c02793175&docLocale=en_US ldap_sudo_search_base = ou=users,dc=skynet,dc=ie?sub?(|(skMemberOf=cn=skynet-admins-linux,ou=groups,dc=skynet,dc=ie)(skMemberOf=cn=skynet-trainees-linux,ou=groups,dc=skynet,dc=ie)) ldap_group_nesting_level = 5 cache_credentials = false entry_cache_timeout = 1 ldap_user_member_of = skMemberOf override_shell = /bin/bash #ldap_library_debug_level = -1 #ldap_schema = rfc2307bis [sssd] config_file_version = 2 services = nss, pam, sudo, ssh domains = skynet.ie [nss] # override_homedir = /home/%u [pam] [sudo] [autofs]