I have noticed that group membership is functioning differently on CentOS 8 with FreeIPA 4.8.4-7 than I remember it functioning on CentOS 7. This is a clean install with no use of backups. 

I have a user user(2063) with a primary group of admingroup(2060). I set up a sudo rule for members of admingroup(2060) and still could not sudo. The user does not show up in admingroup(2060) as a member and could not use sudo until I added the user to the group. 

I do not remember this being the case when we were using CentOS 7 and the available packages. I have also seen this when creating a service user to set up crons to keep the new FreeIPA installation in sync with the OpenLDAP installation we are replacing. No users show as members of the group assigned as the user's GID.

My memory could be incorrect, but I do not remember having to add members to groups that had a primary GID of said group in order for sudo rules or ipa commands to work (after kinit, of course). If this is by design, then I will need to write something really quick to get members added to their primary groups; if it's a setting, I haven't been able to find it. I would appreciate any help.

--

Mark Potter

Senior Linux Administrator 

DownUnder GeoSolutions
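The reconciliation the post describes (finding users whose primary GID points at a group that does not list them as an explicit member, then adding them) can be expressed as a small script. The example below is added here and is not code from the poster or from FreeIPA. It assumes the behaviour reported above: sudo rule and group evaluation uses the group's explicit member list, so a user's `gidNumber` alone does not count as membership. It also assumes FreeIPA's user private group convention (group name equals the user name and GID equals the UID) and skips those, since a private group never lists its owner. The passwd and group lines are constructed sample data in `getent passwd` / `getent group` format, the `ipa group-add-member GROUP --users=USER` command is the real FreeIPA CLI, and the script only prints the commands rather than running them, so an administrator can review the list first.

```python
"""
Report users whose primary GID refers to a group that does not list them as a
member, and print the FreeIPA commands that would add the missing memberships.

Added example; not part of the original post or of FreeIPA itself.
All sample data below is constructed.
"""

# Constructed sample input in `getent passwd` format (name:x:uid:gid:gecos:home:shell).
PASSWD_LINES = """\
user:*:2063:2060:Example User:/home/user:/bin/bash
svc_sync:*:2064:2060:Sync service account:/home/svc_sync:/sbin/nologin
alice:*:2065:2065:Alice:/home/alice:/bin/bash
"""

# Constructed sample input in `getent group` format (name:x:gid:member,member).
GROUP_LINES = """\
admingroup:*:2060:
alice:*:2065:
admins:*:1000:alice
"""


def parse_passwd(text):
    """Map user name -> (uid, primary gid) from passwd-style lines."""
    users = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 4:
            continue  # malformed line; ignore rather than guess
        name, _, uid, gid = fields[:4]
        users[name] = (int(uid), int(gid))
    return users


def parse_group(text):
    """Map gid -> (group name, set of explicit member names)."""
    groups = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 3:
            continue
        name, _, gid = fields[:3]
        members = fields[3] if len(fields) > 3 else ""
        groups[int(gid)] = (name, {m for m in members.split(",") if m})
    return groups


def is_private_group(user, uid, gid, group_name):
    """FreeIPA user private group heuristic (assumption): same name, gid == uid."""
    return group_name == user and gid == uid


def missing_primary_memberships(users, groups):
    """Return sorted (user, group) pairs where the primary group lacks the user."""
    missing = []
    for user, (uid, gid) in sorted(users.items()):
        if gid not in groups:
            continue  # primary GID has no group entry; nothing to add the user to
        group_name, members = groups[gid]
        if is_private_group(user, uid, gid, group_name):
            continue  # private groups never list their owner; not a gap
        if user not in members:
            missing.append((user, group_name))
    return missing


def remediation_commands(missing):
    """Build one `ipa group-add-member` command per gap; builds strings only."""
    return [f"ipa group-add-member {group} --users={user}" for user, group in missing]


if __name__ == "__main__":
    gaps = missing_primary_memberships(parse_passwd(PASSWD_LINES), parse_group(GROUP_LINES))
    for cmd in remediation_commands(gaps):
        print(cmd)
```

Run against real data by replacing the two constants with the output of `getent passwd` and `getent group` (or the equivalent `ipa user-find --all` / `ipa group-find --all` output), review the printed commands, and only then execute them after `kinit` as an account allowed to modify the groups.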