The LDAP client should be configured to implement TLS for the integrity of all remote LDAP authentication sessions. If the id_provider is set to ldap or ipa in /etc/sssd/sssd.conf or any of the /etc/sssd/sssd.conf.d configuration files, ldap_id_use_start_tls must be set to true.
To check if LDAP is configured to use TLS when id_provider is set to ldap or ipa, use the following command:
$ sudo grep -i ldap_id_use_start_tls /etc/sssd/sssd.conf
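The grep above reads only /etc/sssd/sssd.conf and does not show which domain a match belongs to. As an added example (not part of the original guidance), the shell function below also reads the .conf snippets in /etc/sssd/sssd.conf.d and reports every [domain/...] section whose id_provider is ldap or ipa without an effective ldap_id_use_start_tls = true. The function name check_sssd_start_tls is hypothetical, and the code assumes snippets are merged after the main file in alphabetical order with later values overriding earlier ones.

```shell
# Added example: flag SSSD domains using ldap/ipa without effective StartTLS.
# Usage: check_sssd_start_tls [main_conf] [snippet_dir]   (hypothetical name)
check_sssd_start_tls() {
    main=${1:-/etc/sssd/sssd.conf}
    dir=${2:-/etc/sssd/sssd.conf.d}
    # Main file first, then snippets in alphabetical (glob) order, so that a
    # value in a later file overrides an earlier one (assumed merge order).
    set --
    if [ -f "$main" ]; then set -- "$main"; fi
    for f in "$dir"/*.conf; do
        if [ -f "$f" ]; then set -- "$@" "$f"; fi
    done
    if [ "$#" -eq 0 ]; then
        echo "no SSSD configuration found" >&2
        return 2
    fi
    awk '
        /^[ \t]*[#;]/ { next }                   # comment line
        /^[ \t]*\[.*\][ \t]*$/ {                 # section header
            sec = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", sec)
            seen[sec] = 1
            next
        }
        /=/ {                                    # key = value
            eq = index($0, "=")
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            conf[sec, key] = tolower(val)        # last assignment wins
        }
        END {
            bad = 0
            for (s in seen) {
                if (s !~ /^domain\//) continue
                p = conf[s, "id_provider"]
                if (p != "ldap" && p != "ipa") continue
                v = conf[s, "ldap_id_use_start_tls"]
                if (v == "true") continue
                if (v == "") v = "unset (default false)"
                printf "FAIL [%s] id_provider=%s ldap_id_use_start_tls=%s\n", s, p, v
                bad = 1
            }
            exit bad
        }
    ' "$@"
}
```

The function returns 0 when every ldap or ipa domain has the option set to true, 1 when at least one does not, and 2 when no configuration file is readable; run it with sudo, since sssd.conf is normally readable only by root.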