Wondering about whether this feature exists or is planned to exist? It is for use in a shared administration environment. We have central administration and local administrators. It would allow a central configuration for sssd with local changes. Puppet could manage the central main file and include a user managed portion. We handle sudoers in a similar way. I guess the main use of this might be to allow local admins to control who can login to a server. sssd.conf could include something like this:

access_provider = simple

simple_allow_groups = central_admins

and the included locally managed file could have

simple_allow_users = user01, user03, user42

I know we can do this in other ways with puppet, but this would be simpler and it seems to me an include feature might have other uses.