Hi,
the attached patch fixes https://bugzilla.redhat.com/show_bug.cgi?id=1071578
The problem was that the intermediate computing we did added an originalMemberUser attribute to sysdb_attrs that was never intended to be stored in sysdb. But because we stored the attributes after the computing, we also stored originalMemberUser.
When sssd was online, this wasn't a problem as the cache got purged and recreated again, but when offline, adding another originalMemberUser added a duplicate attribute so storing the rules failed with EEXIST and the user was assigned a default rule.
Another improvement might be to only delete and store the rules when online -- right now the logic is a bit strange when offline as we read rules from the cache, delete them and then store the same rules again.
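The failure described above, reduced to a toy model in C as an added example; it is not part of this message or of the attached patch. The `struct rule`, `cache_store` and `login_pass` names are hypothetical stand-ins for the sysdb calls, the store rejecting a repeated (name, value) pair is an assumption, and `strip_helper` models one possible way to keep the helper attribute out of the cache, not necessarily what the patch does.

```c
#include <errno.h>
#include <string.h>
#define MAX_VALS 8

/* Toy stand-in for one cached rule: a bag of (name, value) pairs. */
struct rule { const char *name[MAX_VALS]; const char *val[MAX_VALS]; int n; };

static void rule_add(struct rule *r, const char *name, const char *val)
{
    if (r->n < MAX_VALS) { r->name[r->n] = name; r->val[r->n] = val; r->n++; }
}

/* Intermediate computation: tags the rule with a helper attribute. */
static void compute(struct rule *r, const char *user_dn)
{
    rule_add(r, "originalMemberUser", user_dn);
}

/* Toy store (assumption): refuses a rule carrying the same pair twice. */
static int cache_store(struct rule *cache, const struct rule *r)
{
    for (int i = 0; i < r->n; i++)
        for (int j = i + 1; j < r->n; j++)
            if (!strcmp(r->name[i], r->name[j]) && !strcmp(r->val[i], r->val[j]))
                return EEXIST;
    *cache = *r;
    return 0;
}

/* One pass: read the rule (server when online, cache when offline),
 * compute, store. strip_helper=1 drops the helper before storing. */
int login_pass(struct rule *cache, const struct rule *server, int online, int strip_helper)
{
    struct rule work = online ? *server : *cache;
    int base = work.n;                     /* attributes before computing */
    compute(&work, "uid=alice");           /* constructed sample value */
    if (strip_helper) work.n = base;
    return cache_store(cache, &work);
}

/* Online pass followed by an offline pass, as in the report. */
int demo(int strip_helper)
{
    struct rule server = {0}, cache = {0};
    rule_add(&server, "cn", "rule1");      /* constructed sample rule */
    int rc = login_pass(&cache, &server, 1, strip_helper);
    if (rc != 0) return rc;
    return login_pass(&cache, &server, 0, strip_helper);
}
```

`demo(0)` succeeds online and fails with EEXIST on the offline pass because the cached copy already carries the helper attribute; `demo(1)` succeeds on both passes.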