SSSD
CentOS 8
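# mkhomedir module
# The PAM module pam_oddjob_mkhomedir.so ships in oddjob-mkhomedir, not in oddjob itself.
# The authselect "with-mkhomedir" feature needs that module plus a running oddjobd,
# otherwise home directories are not created at first login.
dnf install oddjob oddjob-mkhomedir
systemctl enable oddjobd.service
systemctl start oddjobd.service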
# In /etc/sssd/conf.d/sssd.conf, replace ldap_tls_cacertdir with ldap_tls_cacert.
# ldap_tls_cacert names the single CA certificate file SSSD uses to verify the LDAP
# server's TLS certificate. It is the trust anchor for every LDAP-backed login on this
# host, so obtain it over a trusted path and keep it writable by root only.
#ldap_tls_cacertdir = /etc/openldap/cacerts
ldap_tls_cacert = /etc/openldap/cacerts/caname.crt
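# Install the packages first: "systemctl enable autofs" fails while the autofs
# package (and its unit file) is not yet present.
dnf install autofs nfs-utils
# chmod
# The CA certificate is public data, so 0600 is not needed for secrecy. The point is
# that nobody but the owner can replace the trust anchor. Note that 0600 also hides the
# file from non-root LDAP clients that need to validate the server certificate.
chmod 0600 /etc/openldap/cacerts/caname.crt
# SSSD is expected to reject a configuration file that is group/world accessible or
# not owned by root; check ownership as well as mode (verify on the installed version).
chmod 0600 /etc/sssd/conf.d/sssd.conf
systemctl enable autofs
systemctl enable sssd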
# Effective /etc/idmapd.conf; the grep below filters out blank lines and comment lines.
# Domain has to match the NFSv4 domain used by the server. On a mismatch, file owners
# are mapped to the Nobody-User / Nobody-Group accounts instead of the real identities.
# [Translation] is empty, so the mapping method stays at its default. The [UMICH_SCHEMA]
# LDAP settings presumably take effect only if the umich_ldap method is selected (TODO confirm).
# No TLS options are shown for that LDAP lookup. If it is in use, check idmapd.conf(5)
# for the SSL and CA certificate settings so that ID mapping is not done over cleartext LDAP.
[root@localhost]# grep -Ev "^$|^\s*#" /etc/idmapd.conf
[General]
Domain = DOMAIN.COM
[Mapping]
Nobody-User = nobody
Nobody-Group = nobody
[Translation]
[Static]
[UMICH_SCHEMA]
LDAP_server = LDAPSERVER.DOMAIN.COM
LDAP_base = dc=DOMAIN,dc=COM
# Switch PAM and nsswitch to the authselect "sssd" profile, with home-directory creation
# (with-mkhomedir) and SSSD as an additional source of sudo rules (with-sudo).
# --force overwrites PAM/nsswitch files that were edited outside authselect. Save any
# local hardening in those files first, then review the result with "authselect current".
authselect select sssd with-mkhomedir with-sudo --force
CentOS 7
# --test makes authconfig print the settings it would apply without writing any file;
# run the same command without --test to actually change the system.
# The URI is ldaps:// on port 636, so the LDAP session is inside TLS from the start.
# --enableldaptls additionally asks for StartTLS, which looks redundant with ldaps:// (confirm).
# --disablecachecreds presumably corresponds to cache_credentials = False in sssd.conf:
# no credential hashes are stored on the client, and logins need a reachable LDAP server.
authconfig --enablesssd --enablesssdauth --enableldap --enableldapauth --ldapserver=ldaps://LDAPSERVER.DOMAIN.COM:636 --ldapbasedn="dc=DOMAIN,dc=COM" --enableldaptls --enablerfc2307bis --disablecachecreds --enablemkhomedir --updateall --test
configuration example
# cat /etc/sssd/sssd.conf
# SSSD configuration with one LDAP-backed domain named "default", serving NSS, PAM and autofs.
# SSSD expects this file to be owned by root with mode 0600, since it decides who can log in.
[domain/default]
# Identity, authentication, password change and automount maps all come from LDAP.
autofs_provider = ldap
ldap_schema = rfc2307bis
ldap_search_base = dc=DOMAIN,dc=COM
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
# ldaps:// on port 636: the whole LDAP session runs inside TLS. This matters because the
# LDAP auth provider sends the user's password to the server in a bind request.
ldap_uri = ldaps://LDAPSERVER.DOMAIN.COM:636
# Requests StartTLS for identity lookups. With an ldaps:// URI the channel is already
# encrypted, so this looks redundant here (presumably written by authconfig --enableldaptls; confirm).
ldap_id_use_start_tls = True
# No credential hashes are kept on the client. The trade-off is that logins fail while
# the LDAP server is unreachable.
cache_credentials = False
# Directory holding the CA certificate(s) used to verify the LDAP server certificate.
# ldap_tls_reqcert is not set in this file, so verification strictness stays at the SSSD
# default (sssd-ldap(5) documents "hard"; confirm for the installed version). Do not
# loosen it to "never" or "allow" to work around certificate errors.
ldap_tls_cacertdir = /etc/openldap/cacerts
# Group membership is read from uniqueMember instead of the schema's default member attribute.
ldap_group_member = uniqueMember
# Seconds a cached entry is treated as valid before SSSD asks LDAP again. A short value
# makes disabled accounts and group changes take effect quickly, at the cost of more queries.
entry_cache_timeout = 60
# Raised log verbosity for this domain. Lower it once troubleshooting is finished:
# verbose logs grow quickly and can include account names.
debug_level = 5
# Automount maps are stored as NIS-style objects (nisMap / nisObject) under ou=service.
# Whoever can write to that subtree controls what gets mounted on this client, so
# restrict write access to it on the directory server.
ldap_autofs_map_object_class = nisMap
ldap_autofs_map_name = nisMapName
ldap_autofs_entry_object_class = nisObject
ldap_autofs_entry_key = cn
ldap_autofs_entry_value = nisMapEntry
ldap_autofs_search_base = ou=service,dc=DOMAIN,dc=COM
[sssd]
# Responders started by SSSD. sudo is not in this list although a [sudo] section exists below.
services = nss, pam, autofs
domains = default
[nss]
homedir_substring = /home
debug_level = 5
# root is never looked up through SSSD, so an LDAP entry named "root" cannot override
# the local root account or group.
filter_groups = root
filter_users = root
[pam]
# Text shown to the user when the account is locked.
pam_account_locked_message = Account locked, please contact IT helpdesk.
# How much SSSD tells the user during authentication; 2 is presumably the
# "informational messages" level (TODO confirm against sssd.conf(5)).
pam_verbosity = 2
# Warn this many days before the password expires.
pam_pwd_expiration_warning = 5
# The remaining responder sections carry no options; only [autofs] sets its log verbosity.
[sudo]
[autofs]
debug_level = 5
[ssh]
[pac]
[ifp]
[secrets]
[session_recording]
本文采用 知识共享署名 4.0 国际许可协议(CC-BY 4.0)进行许可。转载请注明来源: https://snowfrs.com/2019/06/18/SSSD.html 欢迎对文中引用进行考证,欢迎指出任何不准确和模糊之处。