IPA: Remove MPG groups if getgrgid was called before getpw()
This bug only affects IPA clients that are connected to IPA servers with
AD trust and ID mapping in effect.
If an IPA client calls getgrgid() for an ID that matches a user, the
user's private group would be returned and stored as a group entry.
Subsequent queries for that user would fail, because MPG domains impose
uniqueness restriction for both the ID and name space across groups and
To work around that, we remove the UPG groups in MPG domains during a
Reviewed-by: Sumit Bose <firstname.lastname@example.org>