Não tenho certeza se essa é a solução correta, mas observei no FAQ do SSSD este ponto:
When should I enable enumeration in SSSD? or Why is enumeration disabled by default?
"Enumeration" is SSSD's term for "reading in and displaying all the values of a particular map (users, groups, etc.)". We disable this by default in the SSSD in order to minimize the load on the servers with which SSSD must communicate. In most operation, listing the complete set of users or groups will never be necessary. Applications will generally request information about specific users or groups.
Enumerating all entries has a negative impact in load on the server and performance on the client (as we have to save all of the complex relationships between users and the groups to which they belong in the local cache). So because of this, we ship with enumerations disabled (the same behavior as the Samba project's winbind).
You should only enable enumerations (and the resultant performance issues) if you have applications or scripts in your environment that absolutely must be able to retrieve the complete lists. In these cases, enumeration can be enabled by setting
[domain/<domainname>] enumerate = true ...in your sssd.conf file.
Isso permitiu que a habilidade getent passwd exibisse todas as contas disponíveis via SSSD. Esteja avisado que isso pode ser um empecilho no desempenho.