I have verified there is no overlap in UIDs, so I don't think the linuxquestions.org problem applies. It apparently forgets a lot faster than I was realizing, I just don't use commands that matter fast enough to notice:

```
luke@schierer@talemludum001:~$ !id
id luke@schierer
uid=2000(luke@schierer) gid=100(users) groups=100(users),2(bin),200,3(sys),10(uucp),60(games),4(adm),50(staff),27(sudo),40(src),37(operator),6(disk),110(uuidd),1(daemon),102(systemd-network),24(cdrom),29(audio)
luke@schierer@talemludum001:~$ for i in `seq 1 1000`; do date; whoami; sleep 10s; done
Fri Dec 7 07:52:19 EST 2018
luke@schierer
Fri Dec 7 07:52:29 EST 2018
luke@schierer
Fri Dec 7 07:52:39 EST 2018
luke@schierer
Fri Dec 7 07:52:49 EST 2018
luke@schierer
Fri Dec 7 07:52:59 EST 2018
luke@schierer
Fri Dec 7 07:53:09 EST 2018
luke@schierer
Fri Dec 7 07:53:19 EST 2018
luke@schierer
Fri Dec 7 07:53:29 EST 2018
luke@schierer
Fri Dec 7 07:53:39 EST 2018
luke@schierer
Fri Dec 7 07:53:49 EST 2018
luke@schierer
Fri Dec 7 07:53:59 EST 2018
luke@schierer
Fri Dec 7 07:54:09 EST 2018
luke@schierer
Fri Dec 7 07:54:19 EST 2018
luke@schierer
Fri Dec 7 07:54:29 EST 2018
luke@schierer
Fri Dec 7 07:54:39 EST 2018
luke@schierer
Fri Dec 7 07:54:49 EST 2018
luke@schierer
Fri Dec 7 07:54:59 EST 2018
luke@schierer
Fri Dec 7 07:55:09 EST 2018
luke@schierer
Fri Dec 7 07:55:19 EST 2018
luke@schierer
Fri Dec 7 07:55:29 EST 2018
luke@schierer
Fri Dec 7 07:55:39 EST 2018
luke@schierer
Fri Dec 7 07:55:49 EST 2018
luke@schierer
Fri Dec 7 07:55:59 EST 2018
luke@schierer
Fri Dec 7 07:56:09 EST 2018
luke@schierer
Fri Dec 7 07:56:19 EST 2018
luke@schierer
Fri Dec 7 07:56:29 EST 2018
luke@schierer
Fri Dec 7 07:56:39 EST 2018
luke@schierer
Fri Dec 7 07:56:49 EST 2018
luke@schierer
Fri Dec 7 07:56:59 EST 2018
luke@schierer
Fri Dec 7 07:57:09 EST 2018
whoami: cannot find name for user ID 2000: Unknown error 1432158300
Fri Dec 7 07:57:19 EST 2018
whoami: cannot find name for user ID 2000: Unknown error 1432158300
^C
luke@schierer@talemludum001:~$
```

A redacted sssd.conf (for domain names and such):

```
luke@schierer@talemludum001:~$ sudo cat /etc/sssd/sssd.conf
# Managed by Puppet.
[sssd]
services = nss, pam, sudo
domains = local, bramlet, ciziunas, schierer

[nss]
debug_level = 6
enum_cache_timeout = 300

[domain/local]
id_provider = local
enumerate = true
max_id = 1000

[domain/bramlet]
id_provider = ldap
enumerate = true
auth_provider = ldap
ldap_schema = rfc2307bis
ldap_uri = ldap://censor001.
ldap_search_base = ou=bramlet,dc=....
ldap_tls_reqcert = allow
cache_credentials = true
use_fully_qualified_names = true

[domain/ciziunas]
id_provider = ldap
enumerate = true
auth_provider = ldap
ldap_schema = rfc2307bis
ldap_uri = ldap://censor001.
ldap_search_base = ou=ciziunas,....
ldap_tls_reqcert = allow
cache_credentials = true
use_fully_qualified_names = true

[domain/schierer]
debug_level = 6
id_provider = ldap
enumerate = true
auth_provider = ldap
ldap_schema = rfc2307bis
ldap_uri = ldap://censor001.
ldap_search_base = ou=schierer,dc=....
ldap_tls_reqcert = allow
cache_credentials = true
use_fully_qualified_names = true
luke@schierer@talemludum001:~$
```

I'll try manipulating other cache timeouts, but I think it important to note that this config works on the 16.x LTS.