David Christensen wrote:
Hash: SHA1

When I add a user to additional groups beyond ipausers; groups that were
manually added, why is the ipa UI showing users belonging to the group,
but not showing them belonging to the group when I run `getent group
"groupname"`?  If I just run `getent group` I see all the groups in ipa
as well as any users that are assigned to them, which shows the users of
the group that was empty when I ran getent group "groupname".

Any reason why this is occuring?

Is nscd running? It may have cached the group. You can try restarting nscd or invalidating the group cache with: nscd -i group.

nscd is a mixed blessing. It saves a lot of work for the LDAP server but can cause lots of grief like this. Fortunately it has a *ton* of knobs to turn, see nscd.conf for details on tuning your caches (positive and negative).


Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Freeipa-users mailing list

Reply via email to