Description of problem:
sssd maps only specific AD group types (ie those that contain security related attributes like sid and guid or uidNumber and gidNumber for posix) and while it is quite logical and understandable from implementation perspective it is not at all clear from end user perspective at all which group types are supported and what requirements on AD side are to create groups that can be used with sssd. the docs / man pages should dedicate a small section somewhere explaining that and listing supported AD group types. this is specifically relevant to deployments where distribution type groups are used on AD side and then some customers have expectations that those would work with sssd mapping as well which they of course do not so this has to be explained or at least stated clearly somewhere in the docs.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory (sssd bug fix and enhancement update), and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHBA-2023:2514