Hi,
another issue found by Steeve during testing. To reproduce this you need
a universal group with members from different domains. Then either look
up the group by SID e.g. with
python -c "import pysss_nss_idmap; print pysss_nss_idmap.getnamebysid('S-1-5-21-3456664713-2053453454-4165325232-1234')"
and then with getent group groupname.
Or use IPA views, override the group name in the 'default trust view'
on the IPA server and look up the group by the overridden name. In both
cases the group should not already be in the cache. Only members from the
domain of the group should be shown without the patch.
bye,
Sumit