[root@host ~]# ls -l /etc/sssd/sssd.conf

-rw------- 1 root root 559 Mar 29 09:29 /etc/sssd/sssd.conf

[root@host ~]# ls -l /var/lib/sss/db/config.ldb

-rw------- 1 root root 1286144 Mar 29 09:29 /var/lib/sss/db/config.ldb

[root@host ~]# ls --time-style='+%d-%m-%Y %H:%M:%S' -l /etc/sssd/sssd.conf

-rw------- 1 root root 559 29-03-2016 09:29:58 /etc/sssd/sssd.conf

[root@host ~]# ls --time-style='+%d-%m-%Y %H:%M:%S' -l /var/lib/sss/db/config.ldb

-rw------- 1 root root 1286144 29-03-2016 09:29:59 /var/lib/sss/db/config.ldb

These times make sense as the sssd.conf file was put into place and then the service restarted and the config.ldb built. From /var/log/messages:

Mar 29 09:29:58 localhost puppet-agent[2865]: (/Stage[main]/Realmd::Sssd::Config/File[/etc/sssd/sssd.conf]/content) content changed '{md5}4b5234cb037adcfb49887c0616773efb' to '{md5}30e2784e49079c59193eeeae21d48c65'

Mar 29 09:29:58 localhost puppet-agent[2865]: (Class[Realmd::Sssd::Config]) Scheduling refresh of Class[Realmd::Sssd::Service]

Mar 29 09:29:58 localhost puppet-agent[2865]: (Class[Realmd::Sssd::Service]) Scheduling refresh of Service[sssd]

Mar 29 09:29:58 localhost systemd: Stopping System Security Services Daemon...

Mar 29 09:29:58 localhost sssd[nss]: Shutting down

Mar 29 09:29:58 localhost sssd[be[domain.com]]: Shutting down

Mar 29 09:29:58 localhost sssd[pam]: Shutting down

Mar 29 09:29:58 localhost systemd: Starting System Security Services Daemon...

Mar 29 09:29:58 localhost sssd: Starting up

Mar 29 09:29:58 localhost sssd[be[domain.com]]: Starting up

Mar 29 09:29:59 localhost sssd[nss]: Starting up

Mar 29 09:29:59 localhost sssd[pam]: Starting up

Mar 29 09:29:59 localhost systemd: Started System Security Services Daemon.

At the point of restart shouldn't it have seen the updated time on sssd.conf and rebuilt config.ldb?