Hi Sumit,
My bad. Nscd caching misdirected me.
If anyone reads this thread, a working PoC looks like this:
#### SLAPD config:
https://wiki.samba.org/index.php/OpenLDAP_as_proxy_to_AD
#### Client (SSSD) configuration
```ini
[sssd]
config_file_version = 2
debug_level = 3
domains = test.local
services = nss, pam, ifp

[nss]
filter_groups = root
filter_users = root

[pam]

[domain/test.local]
debug_level = 3
id_provider = ldap
cache_credentials = True
ldap_uri = ldaps://ldapproxy.test.local
ldap_search_base = OU=TESTLAB,DC=test,DC=local
ldap_schema = AD
ldap_default_bind_dn = CN=_svc_ldapquery,OU=Users,OU=TESTLAB,DC=test,DC=local
ldap_default_authtok = xxxxx
ldap_default_authtok_type = password
ldap_tls_cacert = /etc/openldap/certs/cert.crt
ldap_id_mapping = True
enumerate = True
fallback_homedir = /home/%u
default_shell = /bin/bash
sudo_provider = ldap
auth_provider = ldap
autofs_provider = ldap
resolver_provider = ldap
use_fully_qualified_names = False
access_provider = simple
simple_allow_groups = linux_admins
subdomain_inherit = ignore_group_members
ignore_group_members = True
ad_enable_gc = false
```
Of course you still have to do the usual things, like activating PAM (in the case of SUSE: /usr/sbin/pam-config
--add --sss --mkhomedir), disabling nscd caching, and configuring nsswitch.conf (files sss).
Hope this helps.
Szabolcs
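As an added example (not part of the thread above), here is a small Python audit for an sssd.conf of the kind posted: it flags the settings a reviewer would look at before rolling this out, namely a non-TLS ldap_uri, a bind password stored as `password` rather than an obfuscated token, enumeration, and locally cached credentials. The sample configuration is constructed from the posted one with a placeholder password; the finding codes are my own naming.

```python
import configparser

# Constructed sample, trimmed from the configuration posted in the thread;
# the bind password is a placeholder, not a real secret.
SAMPLE_SSSD_CONF = """\
[sssd]
config_file_version = 2
domains = test.local
[domain/test.local]
id_provider = ldap
cache_credentials = True
ldap_uri = ldaps://ldapproxy.test.local
ldap_default_bind_dn = CN=_svc_ldapquery,OU=Users,OU=TESTLAB,DC=test,DC=local
ldap_default_authtok = xxxxx
ldap_default_authtok_type = password
ldap_tls_cacert = /etc/openldap/certs/cert.crt
enumerate = True
fallback_homedir = /home/%u
"""

def _true(value):
    return value.strip().lower() in ("true", "yes", "1")

def audit_sssd_conf(text):
    """Return (section, finding_code) pairs for every [domain/...] section."""
    # interpolation=None: sssd.conf uses %u, %d etc., which configparser would otherwise expand.
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    findings = []
    for name in cp.sections():
        if not name.startswith("domain/"):
            continue
        d = cp[name]
        uris = [u.strip() for u in d.get("ldap_uri", "").split(",") if u.strip()]
        start_tls = _true(d.get("ldap_id_use_start_tls", "false"))
        if any(not u.startswith("ldaps://") for u in uris) and not start_tls:
            findings.append((name, "cleartext_ldap"))          # bind password and lookups on the wire
        elif not d.get("ldap_tls_cacert") and not d.get("ldap_tls_cacertdir"):
            findings.append((name, "no_ca_cert_configured"))   # TLS without a trust anchor
        if d.get("ldap_tls_reqcert", "hard").strip().lower() in ("never", "allow"):
            findings.append((name, "weak_tls_reqcert"))        # server cert not enforced
        authtok_type = d.get("ldap_default_authtok_type", "password").strip().lower()
        if d.get("ldap_default_authtok") and authtok_type == "password":
            findings.append((name, "plaintext_bind_password"))  # consider sss_obfuscate + 0600 perms
        if _true(d.get("enumerate", "false")):
            findings.append((name, "enumeration_enabled"))     # full directory dump cached on host
        if _true(d.get("cache_credentials", "false")):
            findings.append((name, "credentials_cached_locally"))  # hashes land in /var/lib/sss/db
    return findings
```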