IMO, work-arounds could be:
1) trigger a "by name" lookup first (e.g. ssh)
2) use the `ldap_idmap_default_domain_sid` option to "bind" the domain to a
fixed slice (0). IIUC, this should pre-populate the id mapping.
But please be careful with it, as this results in *new* UIDs being generated
for all objects in this domain (since currently this domain clearly maps to
a non-zero slice)
JFTR: this is meant to be "OR".
Perhaps you could trigger such a lookup by placing `getent -s sss passwd
user1` somewhere in a startup script (after sssd has started).
Copying the cache file feels error-prone....
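
One way to script the startup lookup suggested above, as an added example that is not part of the original message or of SSSD. The function name `prime_sss_lookup`, the retry defaults and the `After=sssd.service` ordering are assumptions.

```shell
#!/bin/sh
# Added example: trigger a by-name lookup through sssd at startup.
# "user1" comes from the message above; everything else is an assumption.

# prime_sss_lookup USER [TRIES] [DELAY_SECONDS]
# Retries the lookup because sssd may be running while its backend is still
# offline, in which case the first by-name lookup can fail.
# Prints the resolved UID and returns 0 on success, 1 if every attempt failed.
prime_sss_lookup() {
    user=$1
    tries=${2:-10}
    delay=${3:-3}
    attempt=1
    while [ "$attempt" -le "$tries" ]; do
        # -s sss restricts the query to the sss NSS service, so a local
        # /etc/passwd entry with the same name cannot satisfy it.
        if entry=$(getent -s sss passwd "$user") && [ -n "$entry" ]; then
            # passwd format: name:passwd:uid:gid:gecos:home:shell
            printf '%s\n' "$entry" | cut -d: -f3
            return 0
        fi
        attempt=$((attempt + 1))
        if [ "$attempt" -le "$tries" ]; then
            sleep "$delay"
        fi
    done
    echo "prime_sss_lookup: $user not resolvable via sss after $tries tries" >&2
    return 1
}

# Runs only when called with a user name, e.g. from a startup unit that is
# ordered After=sssd.service (hypothetical placement).
if [ "$#" -ge 1 ]; then
    prime_sss_lookup "$@" >/dev/null
fi
```

Logging the printed UID on each boot makes it easy to spot a host where the domain landed on a different slice.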