Hi Lukas,

Does the LDAP entry need to be removed or just modified? Could the LDAP entry be a sudo policy assigned to the user?

In my tests with modified sudo policies the cache entries would persist even after they were invalidated and the user re-authenticated with the LDAP server. Unless I wanted to wait for a smart refresh of the cache I had to delete the entry from the cache with ldbdel and then restart the SSSD daemon. I wonder if there is a better way to refresh the cache on demand.

Thanks,
Dimitar

On Sat, Dec 21, 2013 at 3:28 PM, Lukas Slebodnik <[email protected]> wrote:

> On (20/12/13 18:42), Dimitar Georgievski wrote:
> >Hi Dmitri,
> >
> >One follow up question about the management of the SSSD local cache. I've
> >tried to clean cache entries with the sss_cache utility, but it looks like
> >this utility is not working. I was able to confirm with ldbsearch that
> >records for specific entries were not removed from the cache.
> >
> >This seems to be a bug. I can use ldbdel with a restart of the SSSD daemon,
> >but just wanted to confirm with you. I suspect you would know more about
> >this problem. Unfortunately I wasn't able to find any info yet about this
> >potential bug.
> >
> >thanks
> >
> >Dimitar
> >
> sss_cache does not remove users from cache (sss_cache -U)
> This utility sets expiration of account to the past (unix time with value 1),
> because user needs to be able to authenticate offline.
> Entry will be removed from cache if user tries to
> authenticate online and entry is removed from LDAP.
>
> LS
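An added example, not part of the original thread: a check that separates entries invalidated by sss_cache (expiry set to 1, as the quoted reply describes) from entries that are merely still present in the cache. It assumes the cache stores the expiry in an attribute named `dataExpireTimestamp` and that the input is LDIF-style `ldbsearch` output; the sample records are constructed.

```python
import time

# Constructed sample of ldbsearch output (names and timestamps are made up).
SAMPLE_LDBSEARCH = """\
# record 1
dn: name=alice,cn=users,cn=example.com,cn=sysdb
name: alice
dataExpireTimestamp: 1

# record 2
dn: name=bob,cn=users,cn=example.com,cn=sysdb
name: bob
dataExpireTimestamp: 1387600000

# record 3
dn: name=carol,cn=users,cn=example.com,cn=sysdb
name: carol
dataExpireTimestamp: 4102444800

# returned 3 records
"""

EXPIRE_ATTR = "dataExpireTimestamp"  # assumed sysdb attribute name

def parse_records(text):
    """Split LDIF-style ldbsearch output into one dict per record."""
    records, current = [], {}
    for line in text.splitlines() + [""]:  # trailing "" flushes the last record
        if line.startswith("#"):
            continue
        if line.strip():
            key, sep, value = line.partition(": ")
            if sep:
                current[key] = value
        else:
            if "dn" in current:
                records.append(current)
            current = {}
    return records

def classify(record, now=None):
    """Label one cached entry by its expiry timestamp."""
    raw = record.get(EXPIRE_ATTR, "")
    if not raw.isdigit():
        return "no-expiry"
    if int(raw) == 1:
        return "invalidated"  # the value the reply says sss_cache writes
    now = time.time() if now is None else now
    return "expired" if int(raw) <= now else "fresh"
```

An entry labelled `invalidated` is still found by ldbsearch, which matches the behaviour described in the reply: the record stays for offline authentication and is only marked as expired.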
