Me too! Thanks for pointing this out @lucian. I have to add at least some documentation about this!
The default configuration in sssd.conf has some preconditions on the remote LDAP server:
- rfc2307 schema
- anonymous bind is allowed and the LDAP tree can be browsed anonymously
- authenticated bind must be protected by STARTTLS
We found the default behavior of sssd is good for our LDAP setup, but of course there can be other variants, too. Can you provide more details about your LDAP server? What are its requirements?
Also, can you query the rootDSE?
ldapsearch -h LDAPserver -b "" -s base "(objectclass=*)"
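As an added example (not code from this thread or from the sssd project), the following script reads the LDIF that the ldapsearch command above prints, pulls out the rootDSE attributes that matter for the three preconditions (namingContexts for the search base, supportedExtension for the STARTTLS extended operation OID 1.3.6.1.4.1.1466.20037, supportedLDAPVersion), and renders a hypothetical sssd.conf domain block that matches them. The sample LDIF is constructed, the `dc=example,dc=org` tree and `ldap.example.org` host are invented, and the CA bundle path is an assumption; the sssd option names (`ldap_schema`, `ldap_search_base`, `ldap_id_use_start_tls`, `ldap_tls_reqcert`, `ldap_tls_cacert`) are the ones documented in sssd-ldap(5). Note that being able to read the rootDSE anonymously does not prove the rest of the tree is browsable anonymously; that still has to be checked with a search under the naming context without a bind DN.

```python
import base64
from collections import defaultdict

# OID of the Start TLS extended operation (RFC 4511). Its presence in
# supportedExtension is how a client learns that STARTTLS is offered.
STARTTLS_OID = "1.3.6.1.4.1.1466.20037"

# Constructed sample of the output of
#   ldapsearch -x -H ldap://LDAPserver -b "" -s base "(objectclass=*)"
# for an OpenLDAP rootDSE. Not captured from any real server.
SAMPLE_ROOTDSE = """\
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: ALL
#

#
dn:
objectClass: top
objectClass: OpenLDAProotDSE
namingContexts: dc=example,dc=org
supportedLDAPVersion: 3
supportedExtension: 1.3.6.1.4.1.1466.20037
supportedExtension: 1.3.6.1.4.1.4203.1.11.1
supportedSASLMechanisms: DIGEST-MD5
subschemaSubentry: cn=Subschema

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
"""


def parse_rootdse(ldif):
    """Parse the first entry of an LDIF dump into {attribute: [values]}.

    Handles comment lines, folded continuation lines (leading space) and
    base64 values ("attr:: ..."). Stops at the blank line that ends the entry,
    so the trailing "search:"/"result:" lines are not mistaken for attributes.
    """
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith("#"):
            continue
        if raw.startswith(" ") and lines:      # folded continuation line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)

    attrs = defaultdict(list)
    in_entry = False
    for line in lines:
        if not line.strip():
            if in_entry:
                break                          # end of the first entry
            continue
        name, sep, value = line.partition(":")
        if not sep:
            continue
        if name == "dn":
            in_entry = True
        if not in_entry:
            continue
        if value.startswith(":"):              # base64-encoded value
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        attrs[name].append(value)
    return dict(attrs)


def check_rootdse(attrs):
    """Summarise the rootDSE facts relevant to the sssd preconditions."""
    return {
        "rootdse_readable": "dn" in attrs,     # we got an entry without binding
        "ldapv3": "3" in attrs.get("supportedLDAPVersion", []),
        "starttls": STARTTLS_OID in attrs.get("supportedExtension", []),
        "naming_contexts": attrs.get("namingContexts", []),
    }


def sssd_ldap_fragment(findings, server, domain="LDAP"):
    """Render a hypothetical sssd.conf [domain/...] block matching the thread's
    preconditions: rfc2307 schema, anonymous lookups (no bind DN), STARTTLS.
    Refuses to emit a config when the server does not advertise STARTTLS,
    because the authenticated bind would then go over cleartext.
    """
    if not findings["starttls"]:
        raise ValueError("server does not advertise STARTTLS")
    if not findings["naming_contexts"]:
        raise ValueError("rootDSE lists no namingContexts; cannot choose ldap_search_base")
    lines = [
        f"[domain/{domain}]",
        "id_provider = ldap",
        "auth_provider = ldap",
        f"ldap_uri = ldap://{server}",
        f"ldap_search_base = {findings['naming_contexts'][0]}",
        "ldap_schema = rfc2307",
        "# no ldap_default_bind_dn: identity lookups use an anonymous bind",
        "ldap_id_use_start_tls = true",
        "ldap_tls_reqcert = demand",
        "ldap_tls_cacert = /etc/ssl/certs/ca-certificates.crt  # assumed CA bundle path",
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = check_rootdse(parse_rootdse(SAMPLE_ROOTDSE))
    print(found)
    print(sssd_ldap_fragment(found, "ldap.example.org"))
```

Pipe the real output into `parse_rootdse` instead of the sample to see what your server advertises; if `starttls` comes back false, the STARTTLS precondition is the one to look at first.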