On Thu, Dec 10, 2015 at 11:25:57AM +0100, Martin Kosek wrote:
> On 12/09/2015 12:58 PM, Winfried de Heiden wrote:
> > Hi all,
> > 
> > Using entry_cache_timeout to set different cache timeout for sssd works 
> > well. 
> > However, it doesn't seem to work for Trusted Domain Users (using AD trust)
> > 
> > I made some changes, cleaned the cache but expiry will stay on a (too long) 
> > 10 
> > (ten!) hours!
> > 
> > How can I change the sssd cache timeout for Trusted AD users ? (using IPA 
> > 4.1)
> > 
> > Kind regards!
> 
> I assume the option has to be specified in the respective AD domain section.
> Can you share your anonymized sssd.conf so that we can verify your settings?

Looks like I'm having issues replying to the freeipa-users list or maybe
the mails are stuck in moderation.

Let me paste the mail I sent yesterday:

~~~~~~~~~~~~~~~
Since it's the IPA master that fetches the identity data from the AD
server, you also need to change the cache timeouts on the server. In
addition, the cache time lifetime is stored in the cache entry itself,
so you might want to invalidate the cache with sss_cache on both the
server and the client.
~~~~~~~~~~~~~~~

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to