It is possible to have a machine where none of the GPOs associated with it include access-control rules. Currently, this results in a denial-by-system-error.
We need to treat this case as allowing the user (see the test cases in https://fedorahosted.org/sssd/wiki/DesignDocs/ActiveDirectoryGPOIntegra tion
We also need to delete the result object from the cache to ensure that offline operation will also grant access.