Ok. So what you suggest is applying an ACI to all needed attributes for all users/groups
nodes in LDAP directory to give this special account the read permission over them ,
isn't?
I should obfuscate its password in sssd.conf file, though, but it makes sense.
Thanks a lot!!