Hello all, I found the following URL, which "corrected" the problem using the workaround provided by Thorsten - although it should be fixed in our SSSD version (1.16.2.13):
https://bugzilla.redhat.com/show_bug.cgi?id=1359208 Thanks! John DeSantis Il giorno mer 3 apr 2019 alle ore 15:57 John Desantis <desan...@mail.usf.edu> ha scritto: > > Hello all! > > Due to how our organization is moving, we'll be forced to upgrade our > current IPA installation. In a nutshell, this involves using a > one-way AD trust. > > So, with the latest versions of RHEL and IPA offered on our Satellite > server, I was able to get an installation up and running and AD trust > established; because of the work of all of the IPA developers, this > was quite easy - THANK YOU. > > I've noticed that there seems to be a major delay in how often an > external user's group membership is updated. In fact, it seems that I > have to run sss_cache -u against the external user in order to verify > additions/removals from the group in question. > > Since I'm still in a testing phase, I am performing the queries on the > only two provisioned nodes in the new realm, the IPA servers > themselves. Has any other user with the same configuration run into > this issue, too? If so, anything to double-check? > > I'm certain that this is an sss configuration issue, but after > searching through google and this mailing list, I can't seem to find > any real "solution". > > Thanks, > John DeSantis _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org