On Wed, Jan 10, 2018 at 09:22:05AM +0000, Marin BERNARD wrote:
> > > Hi,
> > >
> > >
> > >
> > > The client systems are the FreeIPA servers! Both are running on
> > > up-to-date CentOS 7.4 with sssd 1.15.2.
> > 
> > There is https://pagure.io/SSSD/sssd/issue/3431 which is fixed upstream in
> > 1.15.3 which might prevent the automatic enabling of enterprise principals
> > on the clients if the domain objects are already stored in the cache of
> > SSSD.
> > 
> > bye,
> > Sumit
> 
> Yes, but I tried to flush the sssd cache several times before writing to the 
> list.
> I used sssd_cache -E though; I did not try to remove the whole /var/db/sssd 
> directory.

Unfortunately you have to remove the cache with rm in this case,
sss_cache -E just invalidates the entries by resetting a timestamp.

> As far as I understand it, automatic enabling of enterprise principal is 
> handled by sssd providers like AD or IPA providers. Does the FreeIPA provider 
> shipped with sssd 1.15 implement this feature?

Yes, but with the issue mentioned above.

HTH

bye,
Sumit