Kinda frustrated because this used to be so easy in SLE11...

Out of curiosity, how do I make it so that we can log into our new SLE12 box with our LDAP accounts?

So far, I've got this, from various posts on the forums, but it's not working...

edit /etc/nsswitch.conf, set:
passwd: compat sss
group: compat sss

edit /etc/sssd/sssd.conf, contents:
config_file_version = 2
services = nss, pam
domains = LDAP

filter_groups = root
filter_users = root


id_provider = ldap
auth_provider = ldap
ldap_schema = rfc2307bis
ldap_user_object_class = posixAccount
debug_level = 20
access_provider = ldap
ldap_uri = ldap://
ldap_search_base = ou=tech,o=mu
create_homedir = true

ldap_tls_cacert = /etc/sssd/certs/rootcert.pem
ldap_tls_cacertdir = /etc/sssd/certs
ldap_id_use_start_tls = true

execute the following from root's command line:
pam-config --add --mkhomedir
I've also tried it with an ldap server URL of ldaps://, but it didn't make a difference. I also don't see any references to LDAP connections when I run "netstat -aln | grep tcp"

The thing that's making this more difficult is that nothing's getting logged to /var/log/sssd, no matter what value I put in the debug_level parameter. There aren't even any files that get created in there. I also tried using ndstrace on the box that this points to (eDirectory on an OES2 box) and it's not reporting any attempts from this host. Also, /var/log/messages says:

2015-12-03T11:18:59.407125-06:00 muwacmaster sshd[1296]: Invalid user myusername from
2015-12-03T11:18:59.411807-06:00 muwacmaster sshd[1296]: input_userauth_request: invalid user myusername [preauth]
2015-12-03T11:18:59.414338-06:00 muwacmaster sshd[1296]: Postponed keyboard-interactive for invalid user myusername from port 54501 ssh2 [preauth]
2015-12-03T11:19:01.528568-06:00 muwacmaster sshd[1298]: pam_unix(sshd:auth): check pass; user unknown
2015-12-03T11:19:01.529166-06:00 muwacmaster sshd[1298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser=

so it's like SSSD isn't even functioning?

When I view the user auth section in YaST it indicates that SSSD is configured though.

What am I doing wrong?