GROUPS: Filter the members

Explanation

src/providers/ldap/ldap_id.c

@@ -1211,8 +1211,17 @@ struct tevent_req *groups_by_user_send(TALLOC_CTX *memctx,
         state->non_posix = true;
     }
 
+    /* Should group members be ignored unconditionally or base on
+     * ignore_group_members or not at all ? */
+    const char **filter;
+    const char *member_filter[2];
+    member_filter[0] = (const char *) ctx->opts->group_map[SDAP_AT_GROUP_MEMBER].name;
+    member_filter[1] = NULL;
+
+    filter = state->domain->ignore_group_members ? (const char **) member_filter : NULL;
+
     ret = build_attrs_from_map(state, ctx->opts->group_map, SDAP_OPTS_GROUP,
-                               NULL, &state->attrs, NULL);
+                               filter, &state->attrs, NULL);
     if (ret != EOK) goto fail;
 
     ret = groups_by_user_retry(req);

src/providers/ldap/sdap_async_initgroups.c

@@ -959,23 +959,22 @@ static errno_t sdap_initgr_nested_deref_search(struct tevent_req *req)
 
     state = tevent_req_data(req, struct sdap_initgr_nested_state);
 
+    /* [ALE]
+     * Is this map really needed?
+     * I think the mapping is already applied to state->grp_attrs. */
     maps = talloc_array(state, struct sdap_attr_map_info, num_maps+1);
     if (!maps) return ENOMEM;
 
     maps[0].map = state->opts->group_map;
     maps[0].num_attrs = SDAP_OPTS_GROUP;
     maps[1].map = NULL;
 
-    ret = build_attrs_from_map(state, state->opts->group_map, SDAP_OPTS_GROUP,
-                               NULL, &sdap_attrs, NULL);
-    if (ret != EOK) goto fail;
-
     timeout = dp_opt_get_int(state->opts->basic, SDAP_SEARCH_TIMEOUT);
 
     subreq = sdap_deref_search_send(state, state->ev, state->opts,
                     state->sh, state->orig_dn,
                     state->user_map[SDAP_AT_USER_MEMBEROF].name,
-                    sdap_attrs, num_maps, maps, timeout);
+                    state->grp_attrs, num_maps, maps, timeout);
     if (!subreq) {
         ret = EIO;
         goto fail;