We do have the problem that a user from an AD group does not show up in IPA whereas all other users of this particular group do. The AD group is used for PAM authorization in Apache.
The AD group is correctly mapped in IPA. However, the AD group is a domain local group. (shouldn't these groups not work at all in combination with IPA?)
The only thing we saw immediately in the log files was "user not known to the underlying PAM module". What else should we look for?
Cheers, Ronald