Hello!

Sorry for making you confused.

The main problem is the cache on ipa server/client. How long the cache
remain active and refresh with correct policy/rules.

Whenever I set the sudo rules, modify another configuration (policy,
etc), it's always have delay.

And until now, the global_policy still didn't use correct configuration.
It's still using min 0, max 0 configuration (I set this policy
yesterday, and was revert it back to min 1 max 90 on yesterday too)

Any hints?

On 07/31/2015 01:47 AM, Jakub Hrozek wrote:
> On Thu, Jul 30, 2015 at 09:50:23PM +0700, Dewangga Bachrul Alam wrote:
>> Hello!
>>
>> I don't know start from where to tracking down this issue. I found
>> another something interesting.
>>
>> 1. Set `global_policy` password expired (both min and max) to 0 (zero)
>> 2. Add user called `dummy`
>> 3. Set global_policy password expired min (1) and max (90).
>> 4. Add user called `dummy2`
>>
>> Both user dummy and dummy2 have same password expiration :D
>> This problem is same with assign sudo/group to user.
>>
>> I was set debug_level = 7 to following section in sssd.conf :
>>
>> [domain/mydomain.co.id]
>> .. debug_level = 7 ..
>>
>> [sssd]
>> .. debug_level = 7 ..
>>
>> [sudo]
>> .. debug_level = 7 ..
>>
>> I didn't find any related information about the 4 step above.
> 
> I'm sorry, but I'm getting a bit confused about what is and what is not
> the problem. Can we take a step back and see what works in your
> environment and what does not?
> 
> Can you describe the workflow?
> 

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to