Thanks for explanation :).
Something like that?

tmp = ldb_msg_find_attr_as_string(res->msgs[0],CONFDB_DOMAIN_ACCESS_PROVIDER,NULL);
        if (tmp && strcasecmp(tmp, "permit") != 0) {
            .......

And documentatión

<term>access_provider (string)</term>
         <listitem>
                <para>
                           The access control provider used for the domain.
                            There are two built-in access providers (in
                            addition to any included in installed backends)
                            Internal special providers are:
                        </para>
                        <para>
                            <quote>permit</quote> always allow access. It's the only permitted access provider for a local domain.

> Date: Thu, 10 May 2012 11:31:58 +0200
> From: jhrozek@redhat.com
> To: sssd-devel@lists.fedorahosted.org
> Subject: Re: [SSSD] [PATCH] Bad check for id_provider=local and access_provider=permit
>
> On Thu, May 10, 2012 at 01:01:44AM -0500, Ariel Barria wrote:
> > apologize for the patch file name :D
> >
> > https://fedorahosted.org/sssd/ticket/1172
>
> Hi Ariel,
>
> thank you very much for the patch! The naming and formatting of the patch
> is fine.
>
> This approach would remove the startup error as described in the ticket
> but maybe it would be better if the "permit" access provider because
> that's what the local provider does internally anyway. It would also warn
> administrators who tries to use some other access
>
> So I think the proper fix would be to swap "local" for "permit" in the check.
> We should probably also amend the documentation (src/man/sssd.conf.5.xml)
> where the permit access provider is described to say that it's the only
> allowed access provider for a local domain.
> _______________________________________________
> sssd-devel mailing list
> sssd-devel@lists.fedorahosted.org
> https://fedorahosted.org/mailman/listinfo/sssd-devel