Curerrently I'm being notified that ALL linux servers are reporting this in the AD logs:

"...client performed a SASL (Negotiate/Kerberos/NTLM/Digest) LDAP bind without requesting signing (integrity verification), or performed a simple bind over a clear text (non-SSL/TLS-encrypted) LDAP connection..."

We are planning to test a sssd client with a patched AD server to see if this will break AD auth on our sssd clients, but wanted to see if a patch for sssd has been made available anywhere to use ldaps or ldap with sssd.

Thanks,
Chris