The validator behaves this way on purpose.

I would like to note two things.
1. The trusted domain section in config file was made to be as similar as possible to the normal domain and internally we try to deal with many options in the same way as the main domains (so they just work)
2. But the validator screams when people use options in the trusted domain section that were not tested to work (meaning, we do not support them).

So currently the way to add more options to the trusted domain section is followong:
1. Test if it already works (manu options work, even though they are not supported)
2. Add upstream or downstream tests for that option in trusted domain section (probably downstream test, because the infrastructure there supports ADs)
3. modify the validator to accept the option in the trusted domain section
4. add the option to the list of supported options in the trusted domain section in the man page

OK, let's move the ticket into the future releases until we have some test

Thank you for taking time to submit this request for SSSD. Unfortunately this issue was not given priority and the team lacks the capacity to work on it at this time.

Given that we are unable to fulfill this request I am closing the issue as wontfix.

If the issue still persist on recent SSSD you can request re-consideration of this decision by reopening this issue. Please provide additional technical details about its importance to you.

Thank you for understanding.

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/4778

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.