Bug
Resolution: Unresolved
Normal
6.18.0
sat-endeavour
Description of problem:
'Usergroup Sync = True' has the opposite effect under 'LDAP Group membership type = POSIX + RFC4519', even after verifying LDAP query via foreman-rake finds members under 'groupOfUniqueNames'
How reproducible:
100%
Is this issue a regression from an earlier version:
Steps to Reproduce:
1. Set up an external authentication with 'LDAP Group membership type = POSIX + RFC4519' and 'Usergroup Sync = True'
2. Create an external group to match the one from the LDAP to link and assign a role (ex: Administrator) in the web ui
3. Ensure LDAP query via foreman-rake finds members under 'groupOfUniqueNames'
4. Log in to the web ui as one of the members, and the user will not get the external group allocation and its privilege (just default permission w/o any priv)
5. 'foreman /usr/sbin/foreman-rake ldap:refresh_usergroups' will instate the proper external group and its priv
6. Logging out and logging back in the web ui with the same user will result in loss of the external group repeatedly.
Actual behavior:
The external auth with 'LDAP Group membership type = POSIX + RFC4519' and 'Usergroup Sync = True' will not sync the user group at the login
Expected behavior:
The external auth with 'LDAP Group membership type = POSIX + RFC4519' and 'Usergroup Sync = True' should sync the user group at the login
Business Impact / Additional info: