On Wed, Dec 09, 2015 at 12:58:23PM +0100, Winfried de Heiden wrote: > Hi all, > > Using entry_cache_timeout to set different cache timeout for sssd works > well. However, it doesn't seem to work for Trusted Domain Users (using AD > trust) > > I made some changes, cleaned the cache but expiry will stay on a (too > long) 10 (ten!) hours! > > How can I change the sssd cache timeout for Trusted AD users ? (using IPA > 4.1) > > Kind regards!
(I thought I already replied but I don't see the reply on the list and neither in my Sent folder. Apologies if this is a duplicate). Since it's the IPA master that fetches the identity data from the AD server, you also need to change the cache timeouts on the server. In addition, the cache time lifetime is stored in the cache entry itself, so you might want to invalidate the cache with sss_cache on both the server and the client. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
