On (05/08/15 13:02), markus....@mc.ingenico.com wrote:
>I´ve wiped sss_cache before I tried again and restarted the service.
sss_cache just invalidate cache. It does not wipe out it.
It means that sssd must not return value from cache but it shoudl refresh it
from LDAP server

>Nevertheless the problem still persists. Beyond the problem is only located
>on one FreeIPA host. Other hosts have received the updates
>or see the correct values.
What do you mean by "FreeIPA host"?
Is it ipa server/replica or ipa client?

As it was already mantioned int is thread the compat tree is generated
dynamically based on the cn=accounts tree and from information retrieved
by server-mode SSSD.

I would suggest try following steps
1) invalidate sssd cache on ipa server
2) check UID/GID on ipa server (id, getent passwd, getent group ...)
3) check compat tree with ldapsearch
4) invalidate sssd cache on ipa client
5) check UID/GID on ipa client (id, getent passwd, getent group ...)


Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to