continuous PartialGroupNameException with SSSD authentication

We are using SSSD for AD integration in a Hadoop cluster and getting continuous PartialGroupNameException for a specific account.

Below is the sample error snippet.

++++++++++++++++++++

WARN org.apache.hadoop.security.ShellBasedUnixGroupsMapping: unable to return groups for user -SERV-CHEF-COM-JOIN
PartialGroupNameException The user name '-SERV-CHEF-COM-JOIN' is not found. id: invalid option -- 'S'
Try 'id --help' for more information.
Try 'id --help' for more information.
id: invalid option -- 'S'
Try 'id --help' for more information.
at org.apache.hadoop.security.ShellBasedUnixGroupsMapping.resolvePartialGroupNames(ShellBasedUnixGroupsMapping.java:212)
at org.apache.hadoop.security.ShellBasedUnixGroupsMapping.getUnixGroups(ShellBasedUnixGroupsMapping.java:133)
at org.apache.hadoop.security.ShellBasedUnixGroupsMapping.getGroups(ShellBasedUnixGroupsMapping.java:72)
at org.apache.hadoop.security.Groups$GroupCacheLoader.fetchGroupList(Groups.java:368)
at org.apache.hadoop.security.Groups$GroupCacheLoader.load(Groups.java:309)
at org.apache.hadoop.security.Groups$GroupCacheLoader.load(Groups.java:267)
at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3568)
at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2350)
at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2313)
at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2228)
at com.google.common.cache.LocalCache.get(LocalCache.java:3965)
at com.google.common.cache.LocalCache.getOrLoad(LocalCache.java:3969)
at com.google.common.cache.LocalCache$LocalManualCache.get(LocalCache.java:4829)
at org.apache.hadoop.security.Groups.getGroups(Groups.java:225)
at org.apache.hadoop.security.UserGroupInformation.getGroups(UserGroupInformation.java:1778)
at org.apache.hadoop.security.UserGroupInformation.getGroupNames(UserGroupInformation.java:1766)
at org.apache.hadoop.hdfs.server.namenode.FSPermissionChecker.<init>(FSPermissionChecker.java:66)
at org.apache.hadoop.hdfs.server.namenode.FSDirectory.getPermissionChecker(FSDirectory.java:3468)
at org.apache.hadoop.hdfs.server.namenode.FSNamesystem.getPermissionChecker(FSNamesystem.java:4079)
at org.apache.hadoop.hdfs.server.namenode.FSNamesystem.getFileInfo(FSNamesystem.java:4269)
at org.apache.hadoop.hdfs.server.namenode.NameNodeRpcServer.getFileInfo(NameNodeRpcServer.java:901)
at org.apache.hadoop.hdfs.server.namenode.AuthorizationProviderProxyClientProtocol.getFileInfo(AuthorizationProviderProxyClientProtocol.java:528)
at org.apache.hadoop.hdfs.protocolPB.ClientNamenodeProtocolServerSideTranslatorPB.getFileInfo(ClientNamenodeProtocolServerSideTranslatorPB.java:839)
at org.apache.hadoop.hdfs.protocol.proto.ClientNamenodeProtocolProtos$ClientNamenodeProtocol$2.callBlockingMethod(ClientNamenodeProtocolProtos.java)
at org.apache.hadoop.ipc.ProtobufRpcEngine$Server$ProtoBufRpcInvoker.call(ProtobufRpcEngine.java:617)
at org.apache.hadoop.ipc.RPC$Server.call(RPC.java:1073)
at org.apache.hadoop.ipc.Server$Handler$1.run(Server.java:2216)
at org.apache.hadoop.ipc.Server$Handler$1.run(Server.java:2212)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:415)
at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1920)
at org.apache.hadoop.ipc.Server$Handler.run(Server.java:2210)

+++++++++++++++++++++++++++++

The error below is logged in the SSSD logs.

[sssd[nss]] [sss_mc_find_record] (0x0010): Corrupted fastcache. name_ptr value is 16.

I have the parameter below set in my SSSD config.

+++
override_space = _
+++

+++

sssd --version

1.15.2
+++

The man page for SSSD states the following:

+++++
override_space (string)

This parameter will replace spaces (space bar) with the given character for user and group names.
e.g. (_). User name "john doe" will be "john_doe" This feature was added to help compatibility with
shell scripts that have difficulty handling spaces, due to the default field separator in the shell.

Please note it is a configuration error to use a replacement character that might be used in user or group names.
If a name contains the replacement character SSSD tries to return the unmodified name but in general the result of
a lookup is undefined.

Default: not set (spaces will not be replaced)
+++++

Are my error and the config settings related?
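
The `id: invalid option -- 'S'` lines in the trace show an account name that begins with a hyphen being parsed as command-line flags, and the man page excerpt warns about names that already contain the `override_space` character. The shell check below is an added example, not part of the original post and not Hadoop or SSSD code; the function names and the sample account names (other than the one from the log) are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag account names that (a) look like options to id(1) or
# (b) already contain the character configured as SSSD override_space.

# classify_name NAME REPLACEMENT -> prints one finding for NAME.
classify_name() {
    name=$1
    repl=$2
    case $name in
        -*) echo "option-like"; return 0 ;;   # id(1) would read it as flags
    esac
    if [ -n "$repl" ]; then
        case $name in
            # Name collides with the replacement char: lookup result is undefined
            *"$repl"*) echo "contains-replacement"; return 0 ;;
        esac
    fi
    echo "ok"
}

# audit_names REPLACEMENT: read one name per line on stdin and print
# "finding<TAB>name" for every name that is not "ok".
audit_names() {
    repl=$1
    while IFS= read -r n; do
        [ -n "$n" ] || continue
        f=$(classify_name "$n" "$repl")
        if [ "$f" != "ok" ]; then printf '%s\t%s\n' "$f" "$n"; fi
    done
}

# lookup_groups NAME: manual group lookup; "--" ends option parsing so a
# leading hyphen in NAME is treated as part of the name, not as a flag.
lookup_groups() {
    id -Gn -- "$1"
}

# Constructed sample names; the second one is the account from the log above.
SAMPLE_NAMES='jdoe
-SERV-CHEF-COM-JOIN
svc_backup
john doe'

printf '%s\n' "$SAMPLE_NAMES" | audit_names _
```

With `_` as the replacement character, the sample run reports the hyphen-prefixed account as `option-like` and `svc_backup` as `contains-replacement`.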
