[sssd]
domains = example.com
config_file_version = 2
services = nss, pam, autofs

[domain/example.com]
default_shell = /usr/bin/zsh
krb5_store_password_if_offline = True
cache_credentials = False
krb5_realm = example.com
realmd_tags = manages-system joined-with-adcli
id_provider = ad
fallback_homedir = /home/%u@%d
ad_domain = example.com
use_fully_qualified_names = True
ldap_id_mapping = True
access_provider = simple
case_sensitive = false
entry_cache_timeout = 1
ad_gpo_ignore_unreadable = True
simple_allow_groups = Linux_Admins@example.com, Linux_Users@example.com, Automation@example.com
debug_level=10

#[domain/example.com]
#id_provider = ldap
#autofs_provider = ldap
#chpass_provider = ldap
#ldap_uri = ldap://dc1.example.com/
#ldap_search_base = dc=tturidc,dc=turi
#ldap_id_use_start_tls = False
#cache_credentials = false
#ldap_tls_cacertdir = /etc/openldap/certs
#ldap_tls_reqcert = allow


[nss]
debug_level = 10