I got another idea which could help you.
By default we use tokengroups for obtaining group membership it is
faster. But it caused some problems in your case so you can try do
disable this feature.
Try to put "ldap_use_tokengroups = false" into domain section of
It is workaround which can help nevertheless we want to fix your
BUM! It works!
Neverthless, if I can help to fix the bug, tell me how to test the RPM with extra debug
messages under RHEL 7.1.