This bug is created as a clone of upstream ticket:
Currently, SSSD downloads the complete nested groups when looking up groups by SID, especially during tokenGroups processing. We should only download the information about the group object itself, not the contents of the group.
*** Bug 1207970 has been marked as a duplicate of this bug. ***
Lukas' patches that fixed the regression:
Verified via an automation run against a large number of user and group sets on AD. Verified in sssd-1.13.0-5.el7.x86_64.rpm.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.