[sssd]
domains = LDAP
services = nss, pam
config_file_version = 2

[nss]
filter_groups = root
filter_users = root

[pam]

[domain/LDAP]
id_provider = ldap
ldap_uri = ldap://{{ ansible_hostname }}/
ldap_search_base = {{ basedn }}

auth_provider = krb5
krb5_server = {{ ansible_hostname }}
krb5_realm = {{ ansible_domain | upper }}
cache_credentials = false

min_id = 10000
max_id = 20000
enumerate = False