[SSSD-users] Curiousity question about 'realm permit <user>'

All, I have sssd set up and doing cross-domain AD authentication. I'm using the simple access provider and conferring login access per group. Occasionally per user. I notice that if I do a basic 'realm permit <user>', that it adds this user to the wrong AD domain: Example: realm permit processehcprofiler adds it to my JAPN.COMPANY.COM AD domain, not my local AD domain (AMER). If I attempt to do to realm permit -R AMER.COMPANY.COM processehcprofiler(a)AMER.COMPANY.COM I get this error: realm: Couldn't find a matching realm Through various experimentation, I find that if I do this: realm permit -R amer.company.com processehcprofiler(a)amer.company.com that it works. As confirmed by 'sssctl user-checks processehcprofiler' I notice my "domain" entries in /etc/sssd/sssd.conf file are all lower case: domains = amer.company.com,apac.company.com,emea.company.com, japn.company.com ... [domain/amer.company.com] ad_domain = amer.company.com ... [domain/apac.company.com] ad_domain = apac.company.com ... [domain/emea.company.com] ad_domain = emea.company.com ... [domain/japn.company.com] ad_domain = japn.company.com ... I'm used to Kerberos where domain names are uc and account names are lc. So to do: realm permit -R AMER.COMPANY.COM processehcprofiler(a)AMER.COMPANY.COM I have to re-write all the domain names in my sssd.conf file to uc? Spike