On (05/08/15 13:02), markus....@mc.ingenico.com wrote: >Hey, > >I´ve wiped sss_cache before I tried again and restarted the service. sss_cache just invalidate cache. It does not wipe out it. It means that sssd must not return value from cache but it shoudl refresh it from LDAP server
>Nevertheless the problem still persists. Beyond the problem is only located >on one FreeIPA host. Other hosts have received the updates >or see the correct values. What do you mean by "FreeIPA host"? Is it ipa server/replica or ipa client? As it was already mantioned int is thread the compat tree is generated dynamically based on the cn=accounts tree and from information retrieved by server-mode SSSD. I would suggest try following steps 1) invalidate sssd cache on ipa server 2) check UID/GID on ipa server (id, getent passwd, getent group ...) 3) check compat tree with ldapsearch 4) invalidate sssd cache on ipa client 5) check UID/GID on ipa client (id, getent passwd, getent group ...) LS -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project