On Thu, 22 Jul 2010 11:10:25 -0400 Scott Duckworth <[email protected]> wrote:
> I removed all files from /var/lib/sss/db/ and restarted sssd. Same
> behavior. nscd is disabled, so I don't think it's caching at any
> level.
>
> Here is what I ran:
>
> [r...@duck2 ~]# getent passwd sduckwo
> sduckwo:*:45265:10000:Scott Duckworth:/home/sduckwo:/bin/bash
> [r...@duck2 ~]# groups sduckwo
> sduckwo : cuuser
> [r...@duck2 ~]# getent group coes_socunix
> coes_socunix:*:120105:sduckwo

When enumeration is disabled this is the normal behavior.
You will see only users/groups that have been fetched, generally at
login time because of the initgroups call.

I.e. a user will always have correct memberships, but groups may not
show all user members they truly have in the LDAP server.

If you require perfect representation you will have to turn on
enumeration. This will eventually show all the memberships, although
on the first startup it may take a while to show all groups, until they
have all been downloaded and cached.

Changes to group memberships may also take some time to show, as
enumerations are scheduled periodically and results cached.

Of course, when a user logs in, its information (including its group
membership) is refreshed and validated, so at login time the membership
is correctly updated for that user across all its groups.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
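The thread turns on two NSS views of the same membership: the initgroups result (`groups`, `id`) and the member list of a group looked up by name (`getent group`). The following is an added example, not part of the original message or of SSSD, that compares the two views for one user so an administrator can see which groups appear in only one of them; the function names and the sample constants are assumptions constructed from the output quoted above.

```python
import grp
import os
import pwd


def membership_gaps(user, initgroups_names, group_members):
    """Return groups that appear in only one of the two NSS views for `user`.

    initgroups_names: group names from the initgroups path (`groups`, `id`).
    group_members: {group name: member list} from by-name lookups (`getent group`).
    """
    init = set(initgroups_names)
    listed = {g for g, members in group_members.items() if user in members}
    return {
        "only_initgroups": sorted(init - listed),
        "only_member_list": sorted(listed - init),
    }


def live_views(user, group_names):
    """Collect both views from NSS on this host for the named groups."""
    gid = pwd.getpwnam(user).pw_gid
    init = []
    for g in os.getgrouplist(user, gid):
        try:
            init.append(grp.getgrgid(g).gr_name)
        except KeyError:
            init.append(str(g))       # GID with no resolvable name
    members = {}
    for name in group_names:          # by-name lookups do not need enumeration
        try:
            members[name] = list(grp.getgrnam(name).gr_mem)
        except KeyError:
            members[name] = []        # group not resolvable on this host
    return init, members


# Constructed sample mirroring the command output quoted in the thread.
SAMPLE_INIT = ["cuuser"]                           # `groups sduckwo`
SAMPLE_MEMBERS = {"coes_socunix": ["sduckwo"]}     # `getent group coes_socunix`

if __name__ == "__main__":
    print(membership_gaps("sduckwo", SAMPLE_INIT, SAMPLE_MEMBERS))
    # On a live host: membership_gaps(user, *live_views(user, ["coes_socunix"]))
```

A user's primary group normally shows up under `only_initgroups`, because primary membership comes from the passwd entry rather than from the group's member list.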
