SSSD 2.10.1 requires fewer capabilities now than it's packaged with

In 2.10.1 they reduced the set of capabilities the SSSD helpers require now (c.f. #5 (closed) ):

Important note for downstream maintainers.

A set of capabilities required by privileged binaries was further reduced to:

krb5_child cap_dac_read_search,cap_setgid,cap_setuid=p ldap_child cap_dac_read_search=p selinux_child cap_setgid,cap_setuid=p sssd_pam cap_dac_read_search=p

(as announced here). This change has not been reflected in the packaging yet.