URL: https://github.com/SSSD/sssd/pull/5784 Title: #5784: proxy: allow removing group members
alexey-tikhonov commented: """
Given that the `id` command will do lookups by GID an `id` lookup for the user from the second domain which is a member of the group with the duplicated GID will return the wrong group name. In this sense I would say we do not support this kind of configuration.
Additionally, the filesystem is doing access control based with respect to groups with the help of the GID using the same GID in different domains might give users access to files of users from the other domain, which is typically not expected.
I read this as GIDs collisions aren't supported (i.e. GIDs are unique) and hence we can compare GIDs. """
See the full comment at https://github.com/SSSD/sssd/pull/5784#issuecomment-934497065