[sssd]
domains = example.com
services = nss, pam
debug_level = 0x01ff

[domain/example.com]
id_provider = ldap
auth_provider = ldap

ldap_uri = ldaps://[::1]:636/
ldap_search_base = dc=example,dc=com

ldap_tls_cacert = /etc/ldap/server_cert.pem
ldap_tls_reqcert = allow

ldap_default_bind_dn = cn=admin,dc=example,dc=com
ldap_default_authtok_type = password
ldap_default_authtok = ldappw

[pam]
offline_credentials_expiration = 2
offline_failed_login_attempts = 3
offline_failed_login_delay = 5