Cause: SSSD relies on some information it can retrieve from the RootDSE in order to determine the capabilities of the server. Some servers do not make the RootDSE available via unencrypted, non-authenticated LDAP bind (in violation of the LDAP standard)
Consequence: On such servers, SSSD operates in a slightly degraded mode, being unable to take advantage of any enhanced features of the LDAP server.
Change: SSSD will now make a second attempt to retrieve the RootDSE after it completes a successful bind attempt.
Result: SSSD is now able to take advantage of enhanced features on servers that do not expose the RootDSE to non-authenticated users.