This bug is created as a clone of upstream ticket:
The sudo provider can currently only be 'none' or 'ldap'. If the sudo LDAP backend is used together with the AD id provider we might face similar issues as was seen when using the LDAP access provider together the AD provider.
E.g. since the default value for ldap_id_mapping is different in the LDAP and AD provider SSSD will fail to start if 'id_provider = ad' and 'sudo_provider = ldap' but ldap_id_mapping is not set explicitly.
Additionally I assume that the sdap id context is initialized twice. This might be true when using the IPA provider as well.
Maybe be want to add 'sudo_provider = ad' so that it plays well with SSSD?
sssd starts up with "sudo_provider=ad" in the domain section. Manpage of sssd.conf also mentions sudo_provider=ad as an option.
Verified in version 1.11.2-53.el7.
This request was resolved in Red Hat Enterprise Linux 7.0.
Contact your manager or support representative in case you have further questions about the request.