On Wed, Sep 04, 2013 at 10:18:13AM -0500, cbul...@gmail.com wrote:
> Hi Chris,
> Thanks for your reply!....I forgot to mention that we tried sss_cache
> (sss_cache -u user_id and sss_cache -U) in other RH6 ipa client and  it
> did not work...If we delete manually all /var/lib/sss/db we can see the
> change but it is not going to be a nice solution.

This sounds really strange. Can you run a little experiment for me?

Can you install the ldb-tools package and then run:

1) getent passwd $username
2) ldbsearch -H /var/lib/sss/db/cache_$domain.ldb name=$username
3) modify the entry
4) sss_cache -U
5) ldbsearch -H /var/lib/sss/db/cache_$domain.ldb name=$username
6) getent passwd $username
7) ldbsearch -H /var/lib/sss/db/cache_$domain.ldb name=$username

after you run 2) you should see how the entry looks in the cache with
the old attributes. After running 5) you should see the same attributes,
except for dataExpireTimestamp that should be set to "1".

After running 6), getent should yield the updated data and 7) should reflect

Freeipa-users mailing list

Reply via email to