There are a couple things you should check. The first would be to examine /var/log/secure for activity while attempting to log in via SSH to an LDAP user. This will tell you if you're getting denied by pam_sss.so (or if pam_sss.so is returning an internal error).
If you're getting a denial or error from pam_sss.so, you probably want to turn on debug logging in /etc/sssd/sssd.conf by setting 'debug_level = 6' in the [domain/<domainname>] section. This will log to /var/log/sssd/sssd_<domainname>.log. Check this output for any problems (you can turn the debug level up to as high as 9, but it gets noisy).
Also, when you said logging into tty works, did you mean that literally, or did you mean GDM? If the latter, you may need to check whether /etc/pam.d/system-auth AND /etc/pam.d/password-auth mentions pam_sss.so.
If this doesn't help, or your look at the logs turns up an issue, please subscribe to https://fedorahosted.org/mailman/listinfo/sssd-devel
and ask for help there.
Lead Developer, System Security Services Daemon