Wondering about whether this feature exists or is planned to exist? It is for use in a shared administration environment. We have central administration and local administrators. It would allow a central configuration for sssd with local changes. Puppet could manage the central main file and include a user managed portion. We handle sudoers in a similar way. I guess the main use of this might be to allow local admins to control who can login to a server. sssd.conf could include something like this:
access_provider = simple
simple_allow_groups = central_admins
and the included locally managed file could have
simple_allow_users = user01, user03, user42
I know we can do this in other ways with puppet, but this would be simpler and it seems to me an include feature might have other uses.