Just wondering if there is any more news regarding the patch for sssd to work with the new MS requirements?
Curerrently I'm being notified that ALL linux servers are reporting this in the AD logs:

"...client performed a SASL (Negotiate/Kerberos/NTLM/Digest) LDAP bind without requesting signing (integrity verification), or performed a simple bind over a clear text (non-SSL/TLS-encrypted) LDAP connection..."

We are planning to test a sssd client with a patched AD server to see if this will break AD auth on our sssd clients, but wanted to see if a patch for sssd has been made available anywhere to use ldaps or ldap with sssd.