On 06.04.2017 01:57, Greg Gilbert wrote:
Hey. I'm a bit new to FreeIPA, so apologies if this has already been addressed. For reference, I'm running FreeIPA 4.4 server on CentOS 7, and FreeIPA client 4.3.1 on Ubuntu nodes.

I've noticed that when I make changes to policies, it either takes a long time to propagate out to the client nodes, or requires a manual restart of the sssd service. In this case, I'm testing adding and removing a user from a sudo rule. Is this the correct behavior, or is there a misconfiguration on my part somewhere?

- greg


Hello,

it is caused by SSSD caches, to refresh particular objects in cache see `man sss_cache`.

You can lower TTL for records in cache, but the lower TTL, the higher load on server (`man sssd.conf` search for cache).

Martin

--
Martin Bašti
Software Engineer
Red Hat Czech

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to