[sssd]
services = nss, pam
config_file_version = 2

domains = default, example.com
debug_level = 2

[nss]
nss_filter_groups = root
nss_filter_users = root
nss_entry_cache_timeout = 30
nss_enum_cache_timeout = 30

[pam]
pam_verbosity = 3

[domain/example.com]
domain_type = ipa
server = _srv_, fileserver1.example.com, fileserver2.example.com
cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = example.com
id_provider = ipa
auth_provider = ipa
access_provider = ipa
chpass_provider = ipa
ipa_server = _srv_, fileserver1.example.com, fileserver2.example.com
ldap_tls_cacert = /etc/ipa/ca.crt

[domain/default]
auth_provider = krb5
cache_credentials = True
ldap_id_use_start_tls = False
chpass_provider = krb5
krb5_kpasswd = fileserver2.example.com
ldap_schema = rfc2307bis
krb5_realm = EXAMPLE.COM
ldap_search_base = dc=example,dc=com
id_provider = ldap
krb5_server = fileserver2.example.com
ldap_uri = ldap://fileserver2.example.com
ldap_tls_cacertdir = /etc/openldap/cacerts