Hi, SSSD is also using a memory cache, and you need to remove the files in /var/lib/sss/mc/ in order to clean it. Its lifetime and size can also be set in sssd.conf, please look for memcache_* in sssd.conf man page.
flo On Fri, Jun 25, 2021 at 5:28 PM iulian roman via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote: > Hello, > > I tried for some time to understand how the cache invalidation works on > the clients, and I have to admit that I am even more confused that when I > started, therefore I would like to ask if there is someone who can either > explain or point me to the relevant documentation. > I'll describe bellow the situation I am currently facing: > > PHASE 1 > - RedHat Idm with AD trust configured (non-posix) > - override the UID of AD users in Idm > - on the clients run the id <username> ; the correct (overwritten ) UID > and an auto-generated GID is displayed > > PHASE 2 > - overwrite the GID as well on Idm > - on the clients still the old auto-generated GID is displayed (after > sss_cache -E and restart of sssd) when I run id <username> > - remove everything in /var/lib/sss/db , restart sssd and run id > <username> - no user found > - getent group <username> - new overwritten GID is displayed > - id <username> displays the correct UID and GID > > For the users who are not in cache, restarting sssd seems to be enough > (although I did not test if thoroughly). > > My question is : > What do I have to do on the client in order to have the latest information > from the Idm Override ? Apparently sss_cache -E and restart ssssd is not > enough . > Do we always need to remove everything in /var/lib/sss/db in order to have > the latest information from the server ? > _______________________________________________ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure >
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure