On Wed, Jan 10, 2018 at 09:22:05AM +0000, Marin BERNARD wrote:
> > > Hi,
> > >
> > >
> > >
> > > The client systems are the FreeIPA servers! Both are running on up-to-
> > date CentOS 7.4 with sssd 1.15.2.
> > There is https://pagure.io/SSSD/sssd/issue/3431 which is fixed upstream in
> > 1.15.3 which might prevent the automatic enabling of enterprise principals
> > on the clients if the domain objects are already stored in the cache of
> > SSSD.
> > bye,
> > Sumit
> Yes, but I tried to flush the sssd cache several times before writing to the
> I used sssd_cache -E though ; I did not try to remove the whole /var/db/sssd
Unfortunately you have to remove the cache with rm in this case,
sss_cache -E just invalidates the entries by resetting a timestamp.
> As far as I understand it, automatic enabling of enterprise principal is
> handled by sssd providers like AD or IPA providers. Does the FreeIPA provider
> shipped with sssd 1.15 implement this feature?
Yes, but with the isssue mentioned above.
FreeIPA-users mailing list -- firstname.lastname@example.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org