[RFC] handle id-map cache pollution by "unix users" SIDs
Recently I've encountered a case where some unix uids that fall in the
range of the primary domain got mapped to a unix sid (S-1-22-1-xxx). I'm
not sure yet how could this happen, it must have been a transient error.
But this mapping created a long-lasting cached entry.
So regardless of how it happened, there should not be such a long
lasting cache entry IMHO.
1. Cache unix sids for a shorter time, because usually they represent
incomplete or incorrect configuration - that's simplest, see attached patch.
2. In the legacy uid->sid, first verify the uid is not in the range of a
configured domain, and do the caching only if not in any known