IMO, work-arounds could be:
- trigger a "by name" lookup first (e.g. ssh)
- using the `ldap_idmap_default_domain_sid` option to "bind" the domain to a fixed slice (0). IIUC, this should pre-populate the ID mapping. But please be careful with it, as this results in *new* UIDs being generated for all objects in this domain (since currently this domain clearly maps to a non-zero slice).
JFTR: this is meant to be "OR".
Perhaps you could trigger such a lookup by placing `getent -s sss passwd user1` somewhere in a startup script (after sssd has started).
Copying the cache file feels error-prone...