'getent passwd' not showing LDAP users, athough users can log in

I have an administration node running LDAP and a login node which uses LDAP on the other node to authorize users. Users are able to log into the login node successfully. When I run

passwd

, on the admin node I get all the users, both those from

/etc/passwd

and LDAP. However, on the login node the LDAP users are missing. Both machines are running CentOS 7.9.2009 and both have an identical

/etc/nsswitch.conf

. The only non-trivial differences between the two version of

/etc/sss/sssd.conf

is that on the admin node ldap_access_order = filter,expire is set, whereas on the login node the setting is ldap_access_order = expire but that seems to me irrelevant (the filter just contains a single non-root functional user which was only used when the system was set up). Where else should I be looking to work out what the difference is between the two systems?