This bug is created as a clone of upstream ticket:
https://fedorahosted.org/sssd/ticket/1148

When used in conjunction with FreeIPA, SSSD is processing local user accounts during ssh login and rejecting them.

Users are below the ignore min uid range.

I can verify that getent passwd -s sssd jr does not exist, which should cause SSSD Pam to ignore him when Pam-unix passes the auth phase.  Instead, he gets processed as if he were a FreeIPA user:

{{{
(Mon Jan 23 07:54:44 2012) [sssd[be[expertcity.com]]] [sysdb_search_user_by_name] (0x0400): No such entry
(Mon Jan 23 07:54:44 2012) [sssd[be[expertcity.com]]] [hbac_eval_user_element] (0x0020): Could not determine user memberships for [jr]
(Mon Jan 23 07:54:44 2012) [sssd[be[expertcity.com]]] [hbac_ctx_to_rules] (0x0020): Could not construct eval request
(Mon Jan 23 07:54:44 2012) [sssd[be[expertcity.com]]] [ipa_hbac_evaluate_rules] (0x0020): Could not construct HBAC rules
(Mon Jan 23 07:54:44 2012) [sssd[be[expertcity.com]]] [be_pam_handler_callback] (0x0100): Backend returned: (3, 4, <NULL>) [Internal Error (System error)]
(Mon Jan 23 07:54:44 2012) [sssd[be[expertcity.com]]] [be_pam_handler_callback] (0x0100): Sending result [4][expertcity.com]
(Mon Jan 23 07:54:44 2012) [sssd[be[expertcity.com]]] [be_pam_handler_callback] (0x0100): Sent result [4][expertcity.com]
(Mon Jan 23 07:54:58 2012) [sssd[be[expertcity.com]]] [sdap_id_conn_data_expire_handler
}}}