Hello,

two groups with identical cn, but residing in different OUs on the same level, containing the same user accounts. The first has got RID 307742 and gidNumber 10307742. The other has got RID 307744 and gidNumber 10307744.

Running "id useraccount" returns the group with the lower gidNumber. After renaming the second group (adding the number 2), both groups are resolved.

Moving first group (RID 307742/gidNumber 20307742) away from search base and create a third group with the same name. This group gets RID 307358 and gidNumber 10307358 returns this newly created group when running "id useraccount".

Level 9 log shows this difference:
[sssd[be[ad.example.org]]] [sysdb_search_users] (0x2000): Search users with filter: (&(objectclass=user)(gidNumber=10307742))

[sssd[be[ad.example.org]]] [sysdb_search_users] (0x2000): Search users with filter: (&(objectclass=user)(gidNumber=10307358))

It is always the group with the lower gidNumber that's beeing checked.

Is SSSD using some name based filter? Or what filter is being used?

Regards
Davor Vusir