Having users su/sudo in Linux based on Active Directory group when using pam_winbind

I have RavenDB set up which is queried through a WebApi layer. The RavenDb layer returns an IQueriable onto which OData filters are applied in the WebApi layer. Every Employee object that is saved in the RavenDB has a Version property associated with it (value of DateTime.UtcNow.Ticks while saving the document). Recently I was working on a requirement where I can save same Employee multiple times over the period of time (as separate entities, differing in their property values but with same Id), but I only want to fetch the latest one based on its Version value.

In order to achieve this I used MapReduce as described below :

public class Employee_Version : AbstractIndexCreationTask<Employee>
{
    public Employee_Version()
    {
        Map = employees => from employee in employees
                           select new Employee
                           {
                               FirstName = employee.FirstName,
                               LastName = employee.LastName,
                               Departments = employee.Departments,
                               Id = employee.Id,
                               Version = employee.Version,
                               ManagerId = employee.ManagerId,
                               EmployeeId=employee.EmployeeId
                           };

        Reduce = results => from result in results
                            group result by result.ManagerId
                                into g
                                select new
                                {
                                    ManagerId = g.OrderByDescending(d => d.Version).First().ManagerId,
                                    Departments = g.OrderByDescending(d => d.Version).First().Departments,
                                    FirstName = g.OrderByDescending(d => d.Version).First().FirstName,
                                    LastName = g.OrderByDescending(d => d.Version).First().LastName,
                                    Version = g.OrderByDescending(d => d.Version).First().Version,
                                    Id = g.OrderByDescending(d => d.Version).First().Id,
                                    EmployeeId = g.OrderByDescending(d => d.Version).First().EmployeeId
                                };
    }
}

Raven Repository Code :

public IQueryable<Employee> GetEmployees(Expression<Func<Employee, bool>> expression)
{
    using (var session = DocumentStore.OpenSession())
    {
        return session.Query<Employee, Employee_Version>().Statistics(out querysStatistics).Where(expression),
    }
}

Web Api Layer Code :

Expression<Func<Employee, bool>> managerIdFilter = e => e.ManagerId == 123;
var employeeQueryable = _employeeRepository.GetEmployees(managerIdFilter);
var queryable = modelOptions.ApplyTo(employeeQueryable.Queryable, new ODataQuerySettings
{
    EnableConstantParameterization = false,
    HandleNullPropagation = HandleNullPropagationOption.False
});

When I query it like :

http://localhost/employee/list?$top=1

I get following exception :

Inner ExcpetionUrl: \"/databases/documents/indexes/Document/Version?&query=ManagerId%3A123&pageSize=1&sort=__document_id&SortHint-__document_id=String\"\ \ \ \ System.ArgumentException: The field '__document_id' is not indexed, cannot sort on fields that are not indexed

The same query works fine if no OData filter is used.