authentication – Using SSSD with multiple LDAP servers/domains

I need to authenticate users using two separate LDAP servers. I have configured SSSD with two domains, but only one seems to be working. I ran the command authconfig --enablemkhomedir --enablesssd --enablesssdauth --updateall and updated sssd.conf as follows:

[sssd]
domains = domain1, domain2
services = nss, pam
config_file_version = 2

[nss]
filter_groups = root
filter_users = root

[pam]
offline_credentials_expiration = 0

[domain/domain1]
auth_provider = ldap
id_provider = ldap

ldap_uri = ldaps://domain1
ldap_tls_reqcert = allow

[domain/domain2]
auth_provider = ldap
id_provider = ldap

ldap_uri = ldaps://domain2
ldap_tls_reqcert = allow

The results are that a user from domain2 (user2) is recognized but a user from domain1 (user1) is not found:

# id user2
uid=10(user2) gid=10(admin) groups=10(admin)

# id user1
id: 'user1': no such user

Any ideas to get domain1 working? That server/auth was working fine when we were back with nslcd.conf, but of course we couldn’t use two servers with nslcd; only the first server defined would work. I’m a n00b when it comes to this stuff, and all the nscd, nslcd, nsswitch.conf, authconfig, etc. gets pretty confusing. I didn’t notice any errors in /var/log/messages or the SSSD logs.
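
A small audit of a multi-domain sssd.conf like the one in the question, added here as an example and not part of the original post: it checks that every domain enabled in [sssd] has a matching [domain/NAME] section and flags ldap_tls_reqcert values that do not enforce server certificate validation. The function name audit_sssd and the finding labels are hypothetical, and the sample file is constructed.

```python
import configparser

# Constructed sample in the layout of the question's sssd.conf; domain1 and
# domain2 are the question's placeholder names, and domain2 is set to "demand"
# here for contrast.
SAMPLE = """\
[sssd]
domains = domain1, domain2
services = nss, pam
config_file_version = 2

[domain/domain1]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldaps://domain1
ldap_tls_reqcert = allow

[domain/domain2]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldaps://domain2
ldap_tls_reqcert = demand
"""

# ldap_tls_reqcert values under which a session can proceed without a
# verified server certificate (sssd-ldap(5)); "demand"/"hard" enforce it.
WEAK_REQCERT = {"never", "allow", "try"}


def audit_sssd(text):
    """Return sorted (domain, finding) tuples for the text of an sssd.conf."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    enabled = {d.strip() for d in cfg.get("sssd", "domains", fallback="").split(",") if d.strip()}
    defined = {s.split("/", 1)[1] for s in cfg.sections() if s.startswith("domain/")}
    findings = [(d, "enabled-but-no-section") for d in enabled - defined]
    findings += [(d, "section-not-enabled") for d in defined - enabled]
    for d in defined:
        reqcert = cfg.get("domain/" + d, "ldap_tls_reqcert", fallback="hard").strip().lower()
        if reqcert in WEAK_REQCERT:
            findings.append((d, "weak-ldap_tls_reqcert=" + reqcert))
    return sorted(findings)


if __name__ == "__main__":
    for domain, finding in audit_sssd(SAMPLE):
        print(domain, finding)
```
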