Bug
Resolution: Unresolved
Description of problem:
Issues with ldap_fluff when different objects with the same name are in the AD forest. Basically, after login, the code will wipe out some users from the group list.
dn: CN=ca_unixadmins,OU=groups,OU=linux,DC=acme,DC=com
objectClass: top
objectClass: group
cn: ca_unixadmins
distinguishedName: CN=ca_unixadmins,OU=groups,OU=linux,DC=acme,DC=com
displayName: ca_unixadmins
name: ca_unixadmins
sAMAccountName: ca_unixadmins

dn: CN=ca_unixadmins,OU=sudoers,OU=linux,DC=acme,DC=com
objectClass: top
objectClass: sudoRole
cn: ca_unixadmins
distinguishedName: CN=ca_unixadmins,OU=sudoers,OU=linux,DC=acme,DC=com
sudoCommand: ALL
sudoHost: ALL
sudoOption: !authenticate
sudoUser: %ca_unixadmins
In the example above, we can see 2 DNs with the same name but different locations. Once the customer logs in and the user group feature is enabled, the user list gets wiped out from the current list, and this happens because the system is getting the second one instead of the first.
As a workaround, setting the BaseGroup DN to OU=groups,OU=linux,DC=acme,DC=com works as expected. One point of attention: if there are different groups in different levels of these three, this can be a blocker.
How reproducible:
100% in the customer env, and probably if we replicate, we will be able to see the same. This is happening on Active Directory.
Is this issue a regression from an earlier version:
Steps to Reproduce:
1. Set up Satellite
2. Set up AD
3. Create the scenario above on AD
4. Try to log in
Actual behavior:
When setting the GroupBaseDN to that specific OU, you should be able to see the list of the users on the UserGroup page. However, when removing the GroupBaseDN, the whole list of users will vanish.
Expected behavior:
The list of users should stay still.
Business Impact / Additional info:
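
Added example, not part of the original report and not ldap_fluff's own code: a pure-Ruby model of the name collision described above, comparing a lookup by cn alone with one that also requires objectClass=group and refuses ambiguous results. The `member` values, the entry order and all function names are assumptions made for illustration.

```ruby
# Constructed sample directory: the two entries from the report. The `member`
# list is made up (the report shows none), and the order is an assumption,
# since an LDAP server does not guarantee result order.
DIRECTORY = [
  { dn: "CN=ca_unixadmins,OU=sudoers,OU=linux,DC=acme,DC=com",
    objectclass: %w[top sudoRole], cn: "ca_unixadmins" },
  { dn: "CN=ca_unixadmins,OU=groups,OU=linux,DC=acme,DC=com",
    objectclass: %w[top group], cn: "ca_unixadmins",
    member: ["CN=alice,OU=users,DC=acme,DC=com", "CN=bob,OU=users,DC=acme,DC=com"] }
].freeze

class AmbiguousGroup < StandardError; end

# True when dn is the base itself or sits below it (case-insensitive).
def under_base?(dn, base)
  d, b = dn.downcase, base.downcase
  d == b || d.end_with?("," + b)
end

# Assumed shape of the failing lookup: subtree search on cn only, first hit wins.
def naive_members(cn, base, entries = DIRECTORY)
  entry = entries.find { |e| under_base?(e[:dn], base) && e[:cn].casecmp?(cn) }
  entry ? Array(entry[:member]) : []
end

# Stricter lookup: require objectClass=group and never pick among several hits.
def strict_members(cn, base, entries = DIRECTORY)
  hits = entries.select do |e|
    under_base?(e[:dn], base) && e[:cn].casecmp?(cn) &&
      e[:objectclass].any? { |oc| oc.casecmp?("group") }
  end
  raise AmbiguousGroup, "#{hits.size} groups named #{cn} under #{base}" if hits.size > 1
  hits.empty? ? [] : Array(hits.first[:member])
end

if __FILE__ == $PROGRAM_NAME
  forest = "DC=acme,DC=com"
  groups_ou = "OU=groups,OU=linux,DC=acme,DC=com"
  puts "naive, whole forest:  #{naive_members('ca_unixadmins', forest).inspect}"
  puts "naive, groups OU:     #{naive_members('ca_unixadmins', groups_ou).inspect}"
  puts "strict, whole forest: #{strict_members('ca_unixadmins', forest).inspect}"
end
```

With the search rooted at the forest, the cn-only lookup resolves the sudoRole entry and returns no members; narrowing the base to the groups OU or filtering on objectClass returns the group's members.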