[sssd]
config_file_version = 2
domains = binary-kitchen.de

[domain/binary-kitchen.de]
auth_provider = ldap
chpass_provider = ldap
id_provider = ldap
cache_credentials = false
case_sensitive = true
enumerate = false
min_id = 10000
ldap_schema = rfc2307bis
ldap_default_authtok_type = password
ldap_default_bind_dn = {{ ldap_binddn }}
ldap_default_authtok =  {{ ldap_bindpw }}
ldap_uri = {{ ldap_uri }}
ldap_search_base = {{ ldap_base }}
ldap_user_search_base = {{ sssd_base_user }}
ldap_group_search_base = {{ sssd_base_group }}
ldap_id_use_start_tls = true
ldap_tls_reqcert = demand
ldap_tls_cacertdir = /etc/ssl/certs