ipagroup: external groups not idempotent

[crt0r]

It seems like ipagroup is not idempotent for external groups with external members. Is this an expected behavior?

When it was discovered?

While running ipagroup more than once.

Module usage

Variables

There are two external groups and two FreeIPA POSIX groups that need to be present.

What it produced?

An error saying the external groups already have members.

[rjeffman]

This is a known bug, that will take some time to be fixed due to the way AD users are handled in FreeIPA.