The plugin is /usr/lib/x86_64-linux-gnu/cifs-utils/cifs_idmap_sss.so
from the sssd-common package.

Thanks! - I'd not thought to check that location. Having created a symlink to replace
the default idmap-plugin, getcifsacls now resolves the SIDs.
The actual ability to create/delete files still seems to come from the account that
mounted the share rather than the user themselves - is that expected? If so, does SSSD
support the "multiuser" option without each user/PAM having to provide