
Perform a SASL (Negotiate Kerberos NTLM Digest) LDAP .

PierreGode edited this page Feb 6, 2020 · 4 revisions

Common error: The following client performed a SASL (Negotiate/Kerberos/NTLM/Digest) LDAP bind without requesting signing (integrity verification), or performed a simple bind over a clear text (non-SSL/TLS-encrypted) LDAP connection.

To resolve this, add two lines to sssd.conf:

```ini
ldap_uri = ldaps://yourDC.com:636
# company CA certificate
ldap_tls_cacert = /usr/share/ca-certificates/root/CA-ROOT-SHA256-current.cer
```

and reload sssd with `sudo service sssd restart`.
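
A quick check that an sssd.conf carries both settings, as an added example that is not part of the original wiki page. The function names `sssd_values` and `audit_sssd_conf` are hypothetical, and the sample config at the end is constructed.

```shell
#!/bin/sh
# Added example (not from the original page): flag cleartext LDAP URIs and a
# missing CA certificate setting in an sssd.conf.

# Print the value(s) of KEY ($1) in FILE ($2); commented-out lines do not match.
sssd_values() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" | sed 's/[[:space:]]*$//'
}

# Returns 0 when every ldap_uri is ldaps:// and ldap_tls_cacert is set, else 1.
audit_sssd_conf() {
    conf=$1
    rc=0

    # ldap_uri is a comma-separated list; check each entry on its own.
    uris=$(sssd_values ldap_uri "$conf" | tr ',' '\n' | sed 's/^[[:space:]]*//;s/[[:space:]]*$//')
    if [ -z "$uris" ]; then
        echo "FAIL: no ldap_uri set (this page expects an ldaps:// URI)"
        rc=1
    fi
    for uri in $uris; do
        case $uri in
            ldaps://*) echo "ok:   $uri" ;;
            *)         echo "FAIL: $uri is not ldaps://"; rc=1 ;;
        esac
    done

    cacert=$(sssd_values ldap_tls_cacert "$conf" | tail -n 1)
    if [ -z "$cacert" ]; then
        echo "FAIL: ldap_tls_cacert is not set"
        rc=1
    else
        echo "ok:   ldap_tls_cacert = $cacert"
        # A path that is set but unreadable is reported, not counted as a failure.
        [ -r "$cacert" ] || echo "WARN: $cacert is not readable on this host"
    fi
    return $rc
}

# Constructed sample: a cleartext setup of the kind that triggers the error above.
demo=$(mktemp)
printf '%s\n' '[domain/example.test]' 'ldap_uri = ldap://yourDC.com' > "$demo"
audit_sssd_conf "$demo" || echo "=> fix sssd.conf, then restart sssd"
rm -f "$demo"
```

On a real host, call `audit_sssd_conf /etc/sssd/sssd.conf` as root, since that file is normally readable only by root.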