This would necessarily refetching rules this would clearing out the cache of the ldap database on the client system. Sorry if I was cryptic. I know if you use openldap you can set a timeout for it refresh the database. Is there a way to do that w/ FreeIPA?
On Thursday, November 9, 2017 1:43 AM, Jakub Hrozek via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote: On Wed, Nov 08, 2017 at 03:52:57PM +0000, Andrew Meyer via FreeIPA-users wrote: > Let's say I have a user that starts today and I forgot to add their > username to FreeIPA. I add their username and they need to start working > fairly quickly. I know that I can clear the sudo cache on each server > with sss_cache -E but is there a way to do this w/ ldap/kerberos queries > to have it reread the ldap database? ~~ I'm not sure what exactly do you mean by "it", but see man sssd-sudo for some explanation of the caching mechanism. Re-fetching the rules on-demand is not implemented yet. _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org