Just a general question about the behaviour of sss_cache , is and ldapsearch.
Id will return say 8 groups and for the same user ldapsearch will return 10. Now as long as if returns 8 apps report authentication denied because the user is not in an expected group. Now when we run sss_cache -E to invalidate the cache, id Will now return all 10 groups. Now the group change was done days ago and our entry_cache_timeout is at default of 5400. Why do we still need to run sss_cache -E if the timeout should take care of things? We are directly authenticated against AD via computer objects. Just asking a general question as I’m curious how this works. Cheers, Tom Sent from my iPhone _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org