What were you trying to do that didn't work?

• local group and AD group merge works as expected :

  $ getent group sy
  sy:x:5002:af_sh_sas,ttsastls,dacolapi,dacolbps,dacolcts,dacolops,dacolrun,dacoluit,dacolwrt,daclmbat,dbcolapi,dbcolbps,dbcolcts,dbcolops,dbcolrun,dbcoluit,dbcolwrt,dbclmbat,dcclmbat,ddclmbat,dpcolapi,dpcolbps,dpcolcts,dpcolops,dpcolrun,dpcoluit,dpcolwrt,edcolapi,edcolbps,edcolcts,edcolops,edcolrun,edcoluit,edcolwrt,edcoldaj,edcoldar,u2colapi,u2colbps,u2colcts,u2colops,u2colrun,u2coluit,u2colwrt,u2coldaj,u2coldar,u1colapi,u1colbps,u1colcts,u1colops,u1colrun,u1coluit,pt-56059,pt-60677,pt-60208,pt-60274,pt-60239,pt-88446,pt-60381
   
  

• Now if added another local user (u1colwrt) manually into /etc/group 

$ grep ^sy: /etc/group
sy:x:5002:af_sh_sas,ttsastls,dacolapi,dacolbps,dacolcts,dacolops,dacolrun,dacoluit,dacolwrt,daclmbat,dbcolapi,dbcolbps,dbcolcts,dbcolops,dbcolrun,dbcoluit,dbcolwrt,dbclmbat,dcclmbat,ddclmbat,dpcolapi,dpcolbps,dpcolcts,dpcolops,dpcolrun,dpcoluit,dpcolwrt,edcolapi,edcolbps,edcolcts,edcolops,edcolrun,edcoluit,edcolwrt,edcoldaj,edcoldar,u2colapi,u2colbps,u2colcts,u2colops,u2colrun,u2coluit,u2colwrt,u2coldaj,u2coldar,u1colapi,u1colbps,u1colcts,u1colops,u1colrun,u1coluit,u1colwrt

• Verify "getent group" provided no output :

$ getent group sy
r${code}
 

Please provide the package NVR for which the bug is seen:

• glibc-2.34-168.el9_
• 6.20.x86_64

Expected results

• Getent group should work even after including  additional group members.

Actual results

• Getent group fails

WorkAround Details:

If Customer removes "systemd" from below line in /etc/nsswitch.conf, It works as expected.

$ grep merge nsswitch.conf
group: files [SUCCESS=merge] sss systemd

$ getent group sas <=== empty result
$ grep merge nsswitch.conf
group: files [SUCCESS=merge] files systemd
$ getent group sas <=== sss removed yet still an empty result
$ grep merge nsswitch.conf
group: files [SUCCESS=merge] files <=== systemd part removed and all works ok
$ getent group sas
sas:x:3333:af_sh_sas,ttsastls,dacolapi,dacolbps,dacolcts,dacolops,dacolrun,dacoluit,dacolwrt,daclmbat,dbcolapi,dbcolbps,dbcolcts,dbcolops,dbcolrun,dbcoluit,dbcolwrt,dbclmbat,dcclmbat,ddclmbat,dpcolapi,dpcolbps,dpcolcts,dpcolops,dpcolrun,dpcoluit,dpcolwrt,edcolapi,edcolbps,edcolcts,edcolops,edcolrun,edcoluit,edcolwrt,edcoldaj,edcoldar,u2colapi,u2colbps,u2colcts,u2colops,u2colrun,u2coluit,u2colwrt,u2coldaj,u2coldar,u1colapi,u1colbps,u1colcts,u1colops,u1colrun,u1coluit,u1colwrt,syctidsp,syctioca,af_sh_sas,ttsastls,dacolapi,dacolbps,dacolcts,dacolops,dacolrun,dacoluit,dacolwrt,daclmbat,dbcolapi,dbcolbps,dbcolcts,dbcolops,dbcolrun,dbcoluit,dbcolwrt,dbclmbat,dcclmbat,ddclmbat,dpcolapi,dpcolbps,dpcolcts,dpcolops,dpcolrun,dpcoluit,dpcolwrt,edcolapi,edcolbps,edcolcts,edcolops,edcolrun,edcoluit,edcolwrt,edcoldaj,edcoldar,u2colapi,u2colbps,u2colcts,u2colops,u2colrun,u2coluit,u2colwrt,u2coldaj,u2coldar,u1colapi,u1colbps,u1colcts,u1colops,u1colrun,u1coluit,u1colwrt,syctidsp,syctioca

Additional Details:

Business Requirement:

• Cu has functional workaround in nsswitch.conf, so it is not absolutely urgent but Cu want to go back to their standard configuration. So it would by useful to have fix asap