diff --git a/SOURCES/0110-LDAP-failover-does-not-work-on-non-responsive-ldaps.patch b/SOURCES/0110-LDAP-failover-does-not-work-on-non-responsive-ldaps.patch
new file mode 100644
index 0000000..396cfcd
--- /dev/null
+++ b/SOURCES/0110-LDAP-failover-does-not-work-on-non-responsive-ldaps.patch
@@ -0,0 +1,81 @@
+From 442cd658329251d8390dd5bd790d86c78ead88ab Mon Sep 17 00:00:00 2001
+From: Tomas Halman <thalman@redhat.com>
+Date: Mon, 24 Jun 2019 15:58:09 +0200
+Subject: [PATCH] LDAP: failover does not work on non-responsive ldaps
+
+In case ldaps:// is used, then establishing the secure socket is
+a sychronous operation. If there's nothing on the other end, then
+the process would be stuck waiting in for the crypto library
+to finish.
+
+Here we set socket read/write timeout so the operation can finish
+in reasonable time with an error. The ldap_network_timeout
+option is used for this timeout.
+
+Resolves:
+https://pagure.io/SSSD/sssd/issue/2878
+
+Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
+Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
+(cherry picked from commit 2d657dffb419640860e46ed417137b0e2cc7d9af)
+---
+ src/util/sss_sockets.c | 26 ++++++++++++++++++++++++--
+ 1 file changed, 24 insertions(+), 2 deletions(-)
+
+diff --git a/src/util/sss_sockets.c b/src/util/sss_sockets.c
+index 5e9be9ebd..0e4d8df8a 100644
+--- a/src/util/sss_sockets.c
++++ b/src/util/sss_sockets.c
+@@ -74,10 +74,11 @@ static errno_t set_fcntl_flags(int fd, int fd_flags, int fl_flags)
+     return EOK;
+ }
+ 
+-static errno_t set_fd_common_opts(int fd)
++static errno_t set_fd_common_opts(int fd, int timeout)
+ {
+     int dummy = 1;
+     int ret;
++    struct timeval tv;
+ 
+     /* SO_KEEPALIVE and TCP_NODELAY are set by OpenLDAP client libraries but
+      * failures are ignored.*/
+@@ -97,6 +98,27 @@ static errno_t set_fd_common_opts(int fd)
+                   strerror(ret));
+     }
+ 
++    if (timeout > 0) {
++        /* Set socket read & write timeout */
++        tv = tevent_timeval_set(timeout, 0);
++
++        ret = setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv));
++        if (ret != 0) {
++            ret = errno;
++            DEBUG(SSSDBG_FUNC_DATA,
++                  "setsockopt SO_RCVTIMEO failed.[%d][%s].\n", ret,
++                  strerror(ret));
++        }
++
++        ret = setsockopt(fd, SOL_SOCKET, SO_SNDTIMEO, &tv, sizeof(tv));
++        if (ret != 0) {
++            ret = errno;
++            DEBUG(SSSDBG_FUNC_DATA,
++                  "setsockopt SO_SNDTIMEO failed.[%d][%s].\n", ret,
++                  strerror(ret));
++        }
++    }
++
+     return EOK;
+ }
+ 
+@@ -264,7 +286,7 @@ struct tevent_req *sssd_async_socket_init_send(TALLOC_CTX *mem_ctx,
+         goto fail;
+     }
+ 
+-    ret = set_fd_common_opts(state->sd);
++    ret = set_fd_common_opts(state->sd, timeout);
+     if (ret != EOK) {
+         DEBUG(SSSDBG_CRIT_FAILURE, "set_fd_common_opts failed.\n");
+         goto fail;
+-- 
+2.20.1
+
diff --git a/SOURCES/0111-Add-TCP-level-timeout-to-LDAP-services.patch b/SOURCES/0111-Add-TCP-level-timeout-to-LDAP-services.patch
new file mode 100644
index 0000000..8c28ccb
--- /dev/null
+++ b/SOURCES/0111-Add-TCP-level-timeout-to-LDAP-services.patch
@@ -0,0 +1,51 @@
+From bad7c631b7aab50d179755ee546357e4f4faca9d Mon Sep 17 00:00:00 2001
+From: Simo Sorce <simo@redhat.com>
+Date: Tue, 10 Sep 2019 14:33:37 +0000
+Subject: [PATCH] Add TCP level timeout to LDAP services
+
+In some cases the TCP connection may hang with data sent because
+of network conditions, this may cause the socket to stall for much
+longer than the timeout intended.
+Set a TCP option to forcibly timeout a socket that sees its data not
+ACKed within the ldap_network_timeout seconds.
+
+Signed-off-by: Simo Sorce <simo@redhat.com>
+
+Reviewed-by: Sumit Bose <sbose@redhat.com>
+(cherry picked from commit 7aa96458f3bec4ef6ff7385107458e6b2b0b06ac)
+---
+ src/util/sss_sockets.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/src/util/sss_sockets.c b/src/util/sss_sockets.c
+index 0e4d8df8a..b6b6dbac5 100644
+--- a/src/util/sss_sockets.c
++++ b/src/util/sss_sockets.c
+@@ -79,6 +79,7 @@ static errno_t set_fd_common_opts(int fd, int timeout)
+     int dummy = 1;
+     int ret;
+     struct timeval tv;
++    unsigned int milli;
+ 
+     /* SO_KEEPALIVE and TCP_NODELAY are set by OpenLDAP client libraries but
+      * failures are ignored.*/
+@@ -117,6 +118,16 @@ static errno_t set_fd_common_opts(int fd, int timeout)
+                   "setsockopt SO_SNDTIMEO failed.[%d][%s].\n", ret,
+                   strerror(ret));
+         }
++
++        milli = timeout * 1000; /* timeout in milliseconds */
++        ret = setsockopt(fd, IPPROTO_TCP, TCP_USER_TIMEOUT, milli,
++                         sizeof(milli));
++        if (ret != 0) {
++            ret = errno;
++            DEBUG(SSSDBG_FUNC_DATA,
++                  "setsockopt TCP_USER_TIMEOUT failed.[%d][%s].\n", ret,
++                  strerror(ret));
++        }
+     }
+ 
+     return EOK;
+-- 
+2.20.1
+
diff --git a/SOURCES/0112-sss_sockets-pass-pointer-instead-of-integer.patch b/SOURCES/0112-sss_sockets-pass-pointer-instead-of-integer.patch
new file mode 100644
index 0000000..cc45b47
--- /dev/null
+++ b/SOURCES/0112-sss_sockets-pass-pointer-instead-of-integer.patch
@@ -0,0 +1,47 @@
+From 191f3722f28107ccde4ce96dd88a401fb36b059a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
+Date: Mon, 10 Feb 2020 11:52:35 +0100
+Subject: [PATCH] sss_sockets: pass pointer instead of integer
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+```
+/home/pbrezina/workspace/sssd/src/util/sss_sockets.c: In function ‘set_fd_common_opts’:
+/home/pbrezina/workspace/sssd/src/util/sss_sockets.c:123:61: error: passing argument 4 of ‘setsockopt’ makes pointer from integer without a cast [-Werror=int-conversion]
+  123 |         ret = setsockopt(fd, IPPROTO_TCP, TCP_USER_TIMEOUT, milli,
+      |                                                             ^~~~~
+      |                                                             |
+      |                                                             unsigned int
+In file included from /home/pbrezina/workspace/sssd/src/util/sss_sockets.c:28:
+/usr/include/sys/socket.h:216:22: note: expected ‘const void *’ but argument is of type ‘unsigned int’
+  216 |          const void *__optval, socklen_t __optlen) __THROW;
+      |          ~~~~~~~~~~~~^~~~~~~~
+  CC       src/util/sssd_kcm-sss_iobuf.o
+cc1: all warnings being treated as errors
+```
+
+Introduced by 7aa96458f3bec4ef6ff7385107458e6b2b0b06ac
+
+Reviewed-by: Sumit Bose <sbose@redhat.com>
+(cherry picked from commit 5b87af6f5b50c464ee7ea4558f73431e398e1423)
+---
+ src/util/sss_sockets.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/util/sss_sockets.c b/src/util/sss_sockets.c
+index b6b6dbac5..6f2b71bc8 100644
+--- a/src/util/sss_sockets.c
++++ b/src/util/sss_sockets.c
+@@ -120,7 +120,7 @@ static errno_t set_fd_common_opts(int fd, int timeout)
+         }
+ 
+         milli = timeout * 1000; /* timeout in milliseconds */
+-        ret = setsockopt(fd, IPPROTO_TCP, TCP_USER_TIMEOUT, milli,
++        ret = setsockopt(fd, IPPROTO_TCP, TCP_USER_TIMEOUT, &milli,
+                          sizeof(milli));
+         if (ret != 0) {
+             ret = errno;
+-- 
+2.20.1
+
diff --git a/SPECS/sssd.spec b/SPECS/sssd.spec
index 758ef2a..63d1c9c 100644
--- a/SPECS/sssd.spec
+++ b/SPECS/sssd.spec
@@ -48,7 +48,7 @@
 
 Name: sssd
 Version: 1.16.4
-Release: 37%{?dist}
+Release: 37%{?dist}.1
 Group: Applications/System
 Summary: System Security Services Daemon
 License: GPLv3+
@@ -166,6 +166,9 @@ Patch0106: 0106-ad-allow-booleans-for-ad_inherit_opts_if_needed.patch
 Patch0107: 0107-ad-add-ad_use_ldaps.patch
 Patch0108: 0108-ldap-add-new-option-ldap_sasl_maxssf.patch
 Patch0109: 0109-ad-set-min-and-max-ssf-for-ldaps.patch
+Patch0110: 0110-LDAP-failover-does-not-work-on-non-responsive-ldaps.patch
+Patch0111: 0111-Add-TCP-level-timeout-to-LDAP-services.patch
+Patch0112: 0112-sss_sockets-pass-pointer-instead-of-integer.patch
 
 #This patch should not be removed in RHEL-7
 Patch999: 0999-NOUPSTREAM-Default-to-root-if-sssd-user-is-not-spec
@@ -915,7 +918,7 @@ done
 %dir %{_sysconfdir}/rwtab.d
 %config(noreplace) %{_sysconfdir}/rwtab.d/sssd
 %dir %{_datadir}/sssd
-%{_sysconfdir}/pam.d/sssd-shadowutils
+%config(noreplace) %{_sysconfdir}/pam.d/sssd-shadowutils
 %{_libdir}/%{name}/conf/sssd.conf
 
 %{_datadir}/sssd/cfg_rules.ini
@@ -1325,6 +1328,12 @@ systemctl try-restart sssd >/dev/null 2>&1 || :
 }
 
 %changelog
+* Wed Mar 18 2020 Michal Židek <mzidek@redhat.com> - 1.16.4-37.1
+- Resolves: rhbz#1801208 - id command taking 1+ minute for returning user
+                           information [rhel-7.8.z]
+                         - Also updates spec file to not replace
+                           /pam.d/sssd-shadowutils on update
+
 * Tue Jan 15 2020 Michal Židek <mzidek@redhat.com> - 1.16.4-37
 - Resolves: rhbz#1784620 - Force LDAPS over 636 with AD Access Provider
 - just bumping the version to fix generated dates in man pages