diff --git a/0001-pac-relax-default-for-pac_check-option.patch b/0001-pac-relax-default-for-pac_check-option.patch
new file mode 100644
index 0000000..e453c9c
--- /dev/null
+++ b/0001-pac-relax-default-for-pac_check-option.patch
@@ -0,0 +1,48 @@
+From 55e93cf1cf4d61c6de7975cbdc97a723545586c0 Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Wed, 8 Jun 2022 10:11:15 +0200
+Subject: [PATCH] pac: relax default for pac_check option
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+PAC might not be always present, especially in IPA environments. So the
+default of pac_check should not contain 'pac_present'.
+
+Resolves: https://github.com/SSSD/sssd/issues/5868
+
+Reviewed-by: Iker Pedrosa <ipedrosa@redhat.com>
+Reviewed-by: Pavel Březina <pbrezina@redhat.com>
+---
+ src/confdb/confdb.h     | 2 +-
+ src/man/sssd.conf.5.xml | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
+index d9fe571ded2d4ed19fe8e18466eab81b81148844..83f6be7f9a142464d63c06bc6d8828ffffa9625b 100644
+--- a/src/confdb/confdb.h
++++ b/src/confdb/confdb.h
+@@ -181,7 +181,7 @@
+ #define CONFDB_PAC_LIFETIME "pac_lifetime"
+ #define CONFDB_PAC_CHECK "pac_check"
+ #define CONFDB_PAC_CHECK_DEFAULT "no_check"
+-#define CONFDB_PAC_CHECK_IPA_AD_DEFAULT "pac_present, check_upn, check_upn_dns_info_ex"
++#define CONFDB_PAC_CHECK_IPA_AD_DEFAULT "check_upn, check_upn_dns_info_ex"
+
+ /* InfoPipe */
+ #define CONFDB_IFP_CONF_ENTRY "config/ifp"
+diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
+index 70544742740946f3e0ba1568d34e8bdebface072..e921ba575c2f2f69d9d7abe0211f80b44dca9cf4 100644
+--- a/src/man/sssd.conf.5.xml
++++ b/src/man/sssd.conf.5.xml
+@@ -2298,7 +2298,7 @@ pam_gssapi_indicators_map = sudo:pkinit, sudo-i:pkinit
+                         </para>
+                         <para>
+                             Default: no_check (AD and IPA provider
+-                            'pac_present, check_upn, check_upn_dns_info_ex')
++                            'check_upn, check_upn_dns_info_ex')
+                         </para>
+                     </listitem>
+                 </varlistentry>
+--
+2.34.3
diff --git a/sssd.spec b/sssd.spec
index e952586..3caa627 100644
--- a/sssd.spec
+++ b/sssd.spec
@@ -43,13 +43,14 @@
 
 Name: sssd
 Version: 2.7.1
-Release: 1%{?dist}
+Release: 2%{?dist}
 Summary: System Security Services Daemon
 License: GPLv3+
 URL: https://github.com/SSSD/sssd/
 Source0: https://github.com/SSSD/sssd/releases/download/2.7.1/sssd-2.7.1.tar.gz
 
 ### Patches ###
+Patch0001: 0001-pac-relax-default-for-pac_check-option.patch
 
 ### Dependencies ###
 
@@ -1058,6 +1059,9 @@ fi
 %systemd_postun_with_restart sssd.service
 
 %changelog
+* Thu Jun 9 2022 Pavel Březina <pbrezina@redhat.com> - 2.7.1-2
+- Fix regression in IPA provider (#2094685)
+
 * Thu Jun 2 2022 Pavel Březina <pbrezina@redhat.com> - 2.7.1-1
 - Rebase to SSSD 2.7.1