Configure SSSD to implement cryptography to protect the
integrity of LDAP remote access sessions. By setting
the ldap_tls_cacert
option in /etc/sssd/sssd.conf
to point to the path for the X.509 certificates used for peer authentication.
ldap_tls_cacert /path/to/tls/ca.cert