Certain option defaults do not match their respective backend provider defaults, these option names and IPA provider-specific defaults are listed below: krb5_validate = true krb5_use_fast = try krb5_canonicalize = true ldap_schema = ipa_v1 ldap_force_upper_case_realm = true ldap_sasl_mech = GSSAPI ldap_sasl_minssf = 56 ldap_account_expire_policy = ipa ldap_use_tokengroups = true ldap_user_member_of = memberOf ldap_user_uuid = ipaUniqueID ldap_user_ssh_public_key = ipaSshPubKey ldap_user_auth_type = ipaUserAuthType ldap_group_object_class = ipaUserGroup ldap_group_object_class_alt = posixGroup ldap_group_member = member ldap_group_uuid = ipaUniqueID ldap_group_objectsid = ipaNTSecurityIdentifier ldap_group_external_member = ipaExternalMember