
Groups from LDAP: "getent" reports membership correctly but missing in output of "id"

5 votes
1 answer
6582 views
I have a Debian 10 machine which uses PAM LDAP for authentication. In LDAP I have two users alice and bob which are both members of group mygroup. Everything has worked fine (so the configuration shouldn't be too far off) until I recently discovered some weirdness with my groups (not sure what happened):

- ldapsearch reports user alice as a member of group mygroup (as it should).
- getent group shows user alice as a member of group mygroup (as it should).

    root@tux:~# getent group | grep mygroup
    mygroup:*:1210:alice,bob

- id does _not_ report alice to be a member of group mygroup:

    root@tux:~# id alice
    uid=1200(alice) gid=1200(alice) groups=1200(alice)

- Surprisingly enough user bob is reported to be a member of mygroup:

    root@tux:~# id bob
    uid=1201(bob) gid=1201(bob) groups=1210(mygroup),1201(bob)

So far I thought that both getent and id are getting their information from the Name Service Switch library (NSS). I'm confused and hoping for some hints how to troubleshoot.
Asked by Martin Konrad (2288 rep)
Jul 12, 2020, 03:39 PM
Last activity: Jan 10, 2025, 04:09 AM
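
A check for the mismatch described in the question, as an added example that is not part of the original post: it lists the groups that name a user as a member in `getent group` output but are absent from that user's `id` output. The function names are hypothetical, the sample strings are copied from the output quoted in the question, and group names are assumed to contain no whitespace.

```shell
#!/bin/sh
# Added example: compare the "getent group" view of a user's memberships
# with the "id" view and print the groups that only the first one shows.

# groups_from_getent USER
# Reads "getent group" lines (name:passwd:gid:member,member) on stdin and
# prints the names of groups whose member list contains USER, sorted.
groups_from_getent() {
    awk -F: -v u="$1" '{
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] == u) { print $1; break }
    }' | sort -u
}

# groups_from_id
# Reads one line of "id USER" output on stdin and prints the group names
# found in its groups= field, sorted.
groups_from_id() {
    sed -n 's/.*groups=//p' | tr ',' '\n' |
        sed -n 's/^[0-9]*(\(.*\))$/\1/p' | sort -u
}

# missing_from_id USER GETENT_TEXT ID_TEXT
# Prints every group that lists USER in GETENT_TEXT but is not in ID_TEXT.
missing_from_id() {
    a=$(printf '%s\n' "$2" | groups_from_getent "$1")
    b=$(printf '%s\n' "$3" | groups_from_id)
    for g in $a; do
        printf '%s\n' "$b" | grep -qxF -- "$g" || printf '%s\n' "$g"
    done
}

# Sample input: the lines quoted in the question.
SAMPLE_GETENT='mygroup:*:1210:alice,bob'
SAMPLE_ID_ALICE='uid=1200(alice) gid=1200(alice) groups=1200(alice)'
SAMPLE_ID_BOB='uid=1201(bob) gid=1201(bob) groups=1210(mygroup),1201(bob)'

# On a live host, feed it the real output instead:
#   missing_from_id alice "$(getent group)" "$(id alice)"
```

Any group it prints for a user is one that group-based access rules would not apply to that user's sessions, even though the directory lists the membership.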