Hi,
when processing nested group memberships from multiple domains SSSD
might try to add a group to a wrong domain which will cause lookup
errors later because the group cannot be looked up in the wrong domain.
To avoid this the 2nd patch tries to determine the domain based on the
SID of the group if available. Unfortunately I wasn't able to reproduce
the issue so far but the original reported confirmed that the patch
fixes the issue for him.
The first patch is a related issue I found while debugging the group
issue. There is no error caused by this but it might cause a LDAP lookup
for the user although it is already in the cache.
bye,
Sumit