sso_type: ldap

allowed_groups:
  - sysadmin@idm.ezri.dev

sudo_groups:
  - sysadmin@idm.ezri.dev

uses_passkey_auth: no
uses_passkey_2fa: no
uses_totp_2fa: yes
totp_2fa_nullok: yes

ldap_user_search_base: >-
  dc=idm,dc=ezri,dc=dev
ldap_group_search_base: >-
  dc=idm,dc=ezri,dc=dev?subtree?(|(objectClass=posixAccount)(objecctClass=posixGroup))
ldap_access_filter: "(memberof=sysadmin@idm.ezri.dev)"