On Thu, Oct 13, 2016 at 02:30:08PM +0200, Thomas Hummel wrote:
> Hello,
> When using LDAP backend with a DNS name (ldap_uri = ldap://ldap.my.domain),
> I noticed that when the 'A' DNS record gets modified, even if the OS
> resolver is getting the new ip address (command 'host ldap.my.domain' for
> instance), the sssd resolver [be_resolve_server_process] was still caching
> the old ldap ip address.
> It seems that a sssd restart is necessary (then, on the next request for a
> non cached entry, a new connection is made to the new ip address).
> I didn't change 'ldap_connection_expire_timeout' which I'm not sure, by the
> way, to quite understand as if I grep 'Found address for server' in sssd log
> files, I don't see 15 min intervals.
> So my questions are:
> - is there a way to flush that cached ip (other than restarting)?
> - without restart, would sssd resolver indefinitely cache the old ip address?
> - why don't I see periodic 15min intervals on 'Found address' in logs?

I think that's just how sssd failover was designed. As long as the
connection is up, sssd sticks to it. The ldap_connection_expire_timeout
seems to be only valid for GSSAPI-encrypted connections where we need to
re-kinit every now and then.
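One way to check for yourself what the thread describes, as an added example that is not code from the thread or from the sssd project: parse the backend log for the "Found address for server" lines, measure the real intervals between lookups, and compare the address sssd last cached against what DNS returns now. The log line shape, the server name `ldap.my.domain` and the addresses are constructed sample data; adjust the regex if your sssd version formats the line differently.

```python
import re
from datetime import datetime

# Constructed sample lines in the shape of sssd's be_resolve_server_process
# debug output (sssd_<domain>.log with debug_level high enough to log it).
SAMPLE_LOG = """\
(Thu Oct 13 09:02:11 2016) [sssd[be[my.domain]]] [be_resolve_server_process] (0x0200): Found address for server ldap.my.domain: [192.0.2.10] TTL 3600
(Thu Oct 13 12:40:55 2016) [sssd[be[my.domain]]] [be_resolve_server_process] (0x0200): Found address for server ldap.my.domain: [192.0.2.10] TTL 3600
"""

LINE_RE = re.compile(
    r"^\((?P<ts>[^)]+)\) .*\[be_resolve_server_process\] .*"
    r"Found address for server (?P<server>\S+): \[(?P<addr>[^\]]+)\] TTL (?P<ttl>\d+)"
)


def parse_resolutions(log_text):
    """Return (timestamp, server, address, ttl) for every resolution line."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            ts = datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S %Y")
            events.append((ts, m.group("server"), m.group("addr"), int(m.group("ttl"))))
    return events


def resolution_intervals(events, server):
    """Seconds between successive lookups of one server; shows there is no
    fixed 15-minute cadence, lookups happen when a connection is (re)built."""
    stamps = [ts for ts, srv, _, _ in events if srv == server]
    return [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]


def stale_address(events, server, current_dns):
    """Return the address sssd last cached for `server` if it differs from
    the address DNS returns now, else None.  `current_dns` is passed in so
    the check runs offline; in practice use socket.gethostbyname(server)."""
    cached = [addr for _, srv, addr, _ in events if srv == server]
    if not cached or cached[-1] == current_dns:
        return None
    return cached[-1]
```

A non-None result from `stale_address` means sssd will keep using the old address until the connection drops or sssd is restarted, exactly the behaviour described above.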

sssd-users mailing list -- sssd-users@lists.fedorahosted.org