Comment 2 for bug 227229

sopsaare (sopsaare) wrote :

I confirm this one.

The problem is that even though there is this line in the ldap.conf
"nss_map_objectclass posixGroup group"

It will still recognise the AD groups which are not POSIX ones. This will lead it to error with the GIDs.
I made my workaround with
"nss_base_group ou=Linux,dc=my,dc=domain,dc=com?one"

and placed all the POSIX groups under the OU named Linux at the root of our Domain.

Another workaround is to give all the groups Unix attributes, but in our domain it was impossible because we are a part of a whole lot bigger forest and we have some cross grouping in the forest.