Install sssd

# yum install sssd -y

Install authconfig

# yum install authconfig -y

Configure sssd (copy and paste this whole section)

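Before running this, replace [your domain components] with your organization’s LDAP search base and [your ldap uri] with the URI of your LDAP server. When pasting, make sure the closing EOF begins at the start of its line; otherwise the shell will not end the here-document. Be aware of what this configuration permits: ldap_access_order = expire only rejects expired accounts, so every other account under the search base can log in to this host (sssd's ldap_access_filter option can narrow that), and cache_credentials = True keeps password hashes on the local disk for offline login.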

# cat >/etc/sssd/sssd.conf<<EOF
  [sssd]
  config_file_version = 2
  reconnection_retries = 3

  sbus_timeout = 30
  services = nss, pam

  domains = default

  [nss]
  filter_groups = root
  filter_users = root
  reconnection_retries = 3

  [pam]
  reconnection_retries = 3

  [domain/default]
  ldap_id_use_start_tls = True
  cache_credentials = True
  auth_provider = ldap
  debug_level = 0
  enumerate = True
  ldap_search_base = [your domain components]
  chpass_provider = ldap
  id_provider = ldap
  ldap_uri = [your ldap uri]
  ldap_tls_cacertdir = /etc/openldap/cacerts
  ldap_schema = rfc2307
  access_provider=ldap
  ldap_access_order = expire
  ldap_account_expire_policy = shadow
  EOF

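Set proper permissions (sssd refuses to start unless sssd.conf is owned by root and readable and writable only by its owner)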

# chmod 600 /etc/sssd/sssd.conf

Create the directory for cacerts

# mkdir -p /etc/openldap/cacerts

Configure the rest of auth mechanisms, including the download of your CA cert

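Before using this, replace the placeholder with the URI of your organization’s PEM certificate. This certificate becomes the trust anchor for the LDAP TLS connection, so download it over a channel you trust and compare its fingerprint with one obtained from your CA administrator. The symlink name in the second command is the subject hash of one particular certificate; for your own certificate use the value printed by "openssl x509 -hash -noout -in /etc/openldap/cacerts/authconfig_downloaded.pem", followed by ".0".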

# authconfig --nostart --enablesssd --enablesssdauth --enablelocauthorize --update --ldaploadcacert=[the uri to your pem certificate]
# ln -sf /etc/openldap/cacerts/authconfig_downloaded.pem /etc/openldap/cacerts/3a5608b0.0

Enable creation of home dirs for new users and update the config

# authconfig --enablemkhomedir --update

Set sssd to start at boot and then start sssd

# systemctl enable sssd
# systemctl start sssd

Check if it’s working (LDAP accounts should be listed alongside the local ones)

# getent passwd