Lukas et al.,
Thank you for the suggestion. I'll test that as soon as convenient. I'm currently attending SC19 so spinning up labs is something best managed in the mornings with coffee :-) .
Curiously I did have to change the ownership of the socket, and a few service, unit files to sssd:root to get them to start. I would like to test the daemon to running as an unprivileged user as much as possible. I did not consider digging into the files themselves to check configured runtime users, I should've.
As to your question I currently have no real use case for the socket based responders other than their potential for system level optimisation in large enterprise deployments and kicking the tyres on the SSSD feature set to both experiment with it and document the assessment, results, and configuration nuances and requirements.
I often share these results in attempts to help others deploying the daemon and advocate for its use. Similar to this community :-) .
Thank you again and I'll test asap and report what I find,
-- lawrence