IMO, work-arounds could be:
1) trigger a "by name" lookup first (e.g. ssh)
2) use the `ldap_idmap_default_domain_sid` option to "bind" the domain to a fixed slice (0). IIUC, this should pre-populate the ID mapping.
But please be careful with it, as this results in *new* UIDs being generated for all objects in this domain (since currently this domain clearly maps to a non-zero slice).

JFTR: this is meant to be "OR".

Perhaps you could trigger such a lookup by placing `getent -s sss passwd user1` somewhere in a startup script (after sssd has started).

Copying the cache file feels error-prone...
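As an added illustration of the startup-script suggestion above (this is example code, not something posted in the thread or shipped by SSSD): a small POSIX sh script that waits for the sssd service to be active and then runs the by-name lookup so the domain's slice is populated before any by-ID lookup happens. The unit name `sssd`, the user name `user1` and the script file name `warm-idmap.sh` are assumptions; `LOOKUP_CMD` is a hypothetical hook that only exists so the lookup command can be swapped out.

```shell
#!/bin/sh
# Added example: prime SSSD ID mapping with a by-name lookup after sssd starts.
# Assumptions: systemd unit "sssd"; placeholder user "user1"; LOOKUP_CMD is a
# hypothetical override (defaults to the getent call suggested in the thread).

LOOKUP_CMD=${LOOKUP_CMD:-"getent -s sss passwd"}

# wait_for MAX_ATTEMPTS DELAY_SECONDS COMMAND...
# Retries COMMAND until it succeeds; returns 1 once the attempts are exhausted.
wait_for() {
  attempts=$1
  delay=$2
  shift 2
  i=0
  while [ "$i" -lt "$attempts" ]; do
    if "$@"; then
      return 0
    fi
    i=$((i + 1))
    sleep "$delay"
  done
  return 1
}

# warm_idmap USER...
# Runs the by-name lookup for each user; a single failure makes it return 1
# so the startup script can log it, but every user is still attempted.
warm_idmap() {
  status=0
  for u in "$@"; do
    # shellcheck disable=SC2086  # LOOKUP_CMD is intentionally word-split
    if $LOOKUP_CMD "$u" >/dev/null 2>&1; then
      echo "primed ID mapping via lookup of $u"
    else
      echo "by-name lookup failed for $u" >&2
      status=1
    fi
  done
  return $status
}

main() {
  # Up to 30 attempts, 2 s apart, for sssd to report active (about a minute).
  if ! wait_for 30 2 systemctl is-active --quiet sssd; then
    echo "sssd did not become active in time" >&2
    exit 1
  fi
  warm_idmap "${@:-user1}"
}

# Only run main when invoked as the script itself, so the functions can be
# sourced from other scripts (and exercised in isolation) without side effects.
case "${0##*/}" in
  warm-idmap.sh) main "$@" ;;
esac
```

Drop it in as a oneshot unit ordered `After=sssd.service`, or call it from whatever startup hook you already have; the exit status tells you whether the lookup actually succeeded.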