ipa s2n: do not add UPG member
Currently the IPA provider uses user private groups for users from
trusted AD domains with automatic ID-mapping. Here a single cached user
object is used for both user and group. Since the user private group is
the primary group of the user it is expected that there is no explicit
member attribute.
While processing the group membership on an IPA client the user private
group is treated as ordinary group and a member attribute is added. As a
result the user cannot be deleted anymore due to an error caused by the
memberOf plugin because there is a member attribute without a matching
memberOf. This patch makes sure user private groups are skipped.
Related to https://pagure.io/SSSD/sssd/issue/3984
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>