GPO: Fix bug with empty GPO rules
When two or more GPO rules were defined on the server
and one of them contained no SIDs (no users or groups
were specified), then SSSD failed to store such rule
and users were denied access (system error).
This patch changes the behavior so that in case
there are no SIDs in the rule a special value is
stored with the rule to indicate that the rule
was actually specified, but this value will not
match any real SID (because the rule should be
empty).
Resolves:
https://pagure.io/SSSD/sssd/issue/3680
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>