David Christensen wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1When I add a user to additional groups beyond ipausers; groups that were manually added, why is the ipa UI showing users belonging to the group, but not showing them belonging to the group when I run `getent group "groupname"`? If I just run `getent group` I see all the groups in ipa as well as any users that are assigned to them, which shows the users of the group that was empty when I ran getent group "groupname". Any reason why this is occuring?
Is nscd running? It may have cached the group. You can try restarting nscd or invalidating the group cache with: nscd -i group.
nscd is a mixed blessing. It saves a lot of work for the LDAP server but can cause lots of grief like this. Fortunately it has a *ton* of knobs to turn, see nscd.conf for details on tuning your caches (positive and negative).
rob
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users