The way I see it I have a few options for this scenario:
A. Try to patch stdenv/glibc to drag in SSSD and its shared objects
B. Turn off the test cases for Nix / Coreutils when building it, then afterwards set LD_LIBRARY_PATH to the sssd in nix store (test cases fail because it can't run whoami without the SO)
C. Turn off sandboxed builds and set LD_PRELOAD with the RHEL so in /usr/lib64/libnss_sss.so.2