There may be a file permission issue if you get the following error messages after starting SSSD.
    # systemctl restart sssd
    Job for sssd.service failed because the control process exited with error code.
    See "systemctl status sssd.service" and "journalctl -xe" for details.
The error message in /var/log/messages is shown below.
    sssd[sssd]: SSSD couldn't load the configuration database : Unknown error 1432158317.
    systemd: sssd.service: Main process exited, code=exited, status=4/NOPERMISSION
    systemd: sssd.service: Failed with result 'exit-code'.
    systemd: sssd.service: Service RestartSec=100ms expired, scheduling restart.
    systemd: sssd.service: Scheduled restart job, restart counter is at 5.
    systemd: sssd.service: Start request repeated too quickly.
    systemd: sssd.service: Failed with result 'exit-code'.
After setting debug_level = 9 in sssd.conf, the following error is logged in /var/log/sssd/sssd.log:
    [sssd] [sss_ini_read_sssd_conf] (0x0020): Permission check on config file failed.
    [sssd] [confdb_init_db] (0x0020): Cannot convert INI to LDIF : [File ownership and permissions check failed]
    [sssd] [confdb_setup] (0x0010): ConfDB initialization has failed : File ownership and permissions check failed
    [sssd] [load_configuration] (0x0010): Unable to setup ConfDB : File ownership and permissions check failed
    [sssd] [main] (0x0010): SSSD couldn't load the configuration database.
Make sure the SSSD config file at /etc/sssd/sssd.conf is owned by root and has permission 600.
    chown root:root /etc/sssd/sssd.conf
    chmod 600 /etc/sssd/sssd.conf
Note: The config file /etc/sssd/sssd.conf must be owned by root:root and have permission 600.
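
The ownership and mode requirement above can be checked before restarting the service. The following is an added example, not part of the original page or of SSSD itself; the function name check_sssd_conf and its return codes are hypothetical, and it assumes GNU stat from coreutils.

```shell
#!/bin/sh
# Added example: audit ownership and mode of an SSSD config file.
# Assumes GNU stat (coreutils). check_sssd_conf is a hypothetical helper name.
#
# Usage: check_sssd_conf [FILE] [OWNER:GROUP] [MODE]
# Returns 0 when FILE matches, 1 on an owner/mode mismatch,
# 2 when FILE is missing or is not a regular file.
check_sssd_conf() {
    conf=${1:-/etc/sssd/sssd.conf}
    want_owner=${2:-root:root}
    want_mode=${3:-600}
    rc=0

    if [ ! -f "$conf" ]; then
        echo "FAIL: $conf is missing or not a regular file" >&2
        return 2
    fi

    # %U:%G = owner and group names, %a = permission bits in octal
    owner=$(stat -c '%U:%G' "$conf") || return 2
    mode=$(stat -c '%a' "$conf") || return 2

    if [ "$owner" != "$want_owner" ]; then
        echo "FAIL: $conf owner is $owner, expected $want_owner" >&2
        echo "  fix: chown $want_owner $conf" >&2
        rc=1
    fi
    if [ "$mode" != "$want_mode" ]; then
        echo "FAIL: $conf mode is $mode, expected $want_mode" >&2
        echo "  fix: chmod $want_mode $conf" >&2
        rc=1
    fi

    if [ "$rc" -eq 0 ]; then
        echo "OK: $conf is $owner with mode $mode"
    fi
    return "$rc"
}
```

Calling check_sssd_conf with no arguments checks /etc/sssd/sssd.conf against root:root and 600, and prints the matching chown or chmod command for each mismatch it finds.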