Cause: While performing access control in the IPA backend, the SSSD errorneously downloaded the "member" attribute from the server and then attempted to use it in the cache verbatim
Consequence: The cache attempted to use the "member" attribute values as if they were pointing to the local cache which was quite CPU intensive. The users saw the CPU spiking up.
Fix: We no longer download and process the member attribute when processing host groups
Result: The login process is reasonably fast even with large host groups.