sssd接入openldap实现登录

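# Client packages: LDAP tools, SSSD with its LDAP backend, sudo integration
# (sssd-tools), nss/pam glue, and oddjob-mkhomedir for creating home
# directories on first login. The original line repeated the word "install",
# which yum treats as a (nonexistent) package name.
yum install -y openldap-clients sssd sssd-client sssd-ldap sssd-tools authconfig nss-pam-ldapd oddjob-mkhomedir

# Let sudo fetch sudoers rules from SSSD after the local /etc/sudoers.
# The nsswitch source name is "files" (plural); "file" is silently ignored.
# Guarded so re-running this script does not append a second sudoers: line.
grep -q '^sudoers:' /etc/nsswitch.conf || echo "sudoers: files sss" >> /etc/nsswitch.conf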

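# Create the file with restrictive permissions BEFORE writing it: it carries the
# LDAP bind password, and a bare redirect would leave it world-readable under
# the default umask until the later chmod runs.
install -m 0600 -o root -g root /dev/null /etc/sssd/sssd.conf
# Quoted delimiter: nothing in the heredoc is subject to shell expansion.
cat > /etc/sssd/sssd.conf << 'EOF'
# sssd.conf - read by sssd; full-line comments (# or ;) only.
[domain/default]
# 9 is maximum verbosity and writes LDAP request/response details to the logs;
# lower it (e.g. 2) once troubleshooting is done.
debug_level = 9
autofs_provider = ldap
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap

ldap_uri = ldaps://ldap.vimll.com
ldap_search_base = dc=vimll,dc=com
ldap_sudo_search_base = ou=sudoers,dc=vimll,dc=com
ldap_default_bind_dn = cn=readuser,ou=readonly,ou=Manager,dc=vimll,dc=com
# Plaintext bind secret: keep this account read-only on the directory and
# this file owned by root with mode 0600.
ldap_default_authtok = Readuser@123

# SECURITY: "never" skips verification of the LDAP server certificate, so the
# ldaps:// session can be intercepted. Install the issuing CA into
# ldap_tls_cacertdir below and change this to "demand".
ldap_tls_reqcert = never
# STARTTLS is not needed because ldap_uri already uses ldaps://.
ldap_id_use_start_tls = False
# Allows login with cached credentials while the LDAP server is unreachable.
cache_credentials = True
ldap_tls_cacertdir = /etc/openldap/cacerts

ldap_user_object_class = posixAccount
ldap_user_name = uid
ldap_user_uid_number = uidNumber
override_homedir = /home/%u
default_shell = /bin/bash
# seconds
entry_cache_timeout = 120
ldap_search_timeout = 10
ldap_network_timeout = 10
ldap_opt_timeout = 10
ldap_enumeration_search_timeout = 60
ldap_enumeration_refresh_timeout = 300
ldap_connection_expire_timeout = 600
ldap_sudo_smart_refresh_interval = 600
ldap_sudo_full_refresh_interval = 10800

[sssd]
services = nss, sudo, pam, autofs, ssh
config_file_version = 2
# Listed once; the original file repeated this key.
domains = default

[nss]
homedir_substring = /home
# Never resolve root through LDAP; a directory entry named root must not
# shadow the local account.
filter_groups = root
filter_users = root
entry_negative_timeout = 20
entry_cache_nowait_percentage = 50

[pam]
[sudo]
[autofs]
[ssh]
[pac]
[ifp]
[secrets]
[session_recording]
EOF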

# sssd refuses to start unless its config is root-owned and not group/world
# readable (it contains the bind password).
chmod 0600 /etc/sssd/sssd.conf
# oddjobd backs pam_oddjob_mkhomedir, which creates home directories at login.
systemctl enable --now sssd oddjobd

# Wire nsswitch and the PAM stack to SSSD. --disableldaptls only turns off
# STARTTLS; transport encryption still comes from the ldaps:// server URI.
# Note: authconfig is the RHEL/CentOS 7 tool; RHEL 8+ replaces it with authselect.
authconfig --enablesssd --enablesssdauth --enablemkhomedir --enablerfc2307bis \
    --enableldap --enableldapauth --disableldaptls --disableforcelegacy --disablekrb5 \
    --ldapserver ldaps://ldap.vimll.com --ldapbasedn "dc=vimll,dc=com" --updateall

# Restart so sshd picks up the new PAM configuration, then show state.
services="sssd oddjobd sshd"
systemctl restart $services
systemctl status $services