lmn-client/roles/lmn_sssd/templates/sssd.conf.j2

[sssd]
domains = {{ domain }}
config_file_version = 2
implicit_pac_responder = False

[domain/{{ domain }}]
krb5_realm = {{ domain | upper }}
ad_domain = {{ domain }}
id_provider = ad
access_provider = ad
use_fully_qualified_names = False
cache_credentials = True
krb5_store_password_if_offline = True
default_shell = /usr/bin/bash
# default: # ldap_id_mapping = True
ad_gpo_access_control = disabled
ad_gpo_ignore_unreadable = True
ad_maximum_machine_account_password_age = 0
ignore_group_members = True
{% if groups.localhome is defined and inventory_hostname in groups.localhome %}
override_homedir = /home/%u
{% endif %}
{% if groups.teacherlaptop is defined and inventory_hostname in groups.teacherlaptop %}
krb5_renewable_lifetime = 14d
{% endif %}