Hello,
I tried for some time to understand how the cache invalidation works on the clients, and I
have to admit that I am even more confused than when I started, therefore I would like to
ask if there is someone who can either explain or point me to the relevant documentation.
I'll describe below the situation I am currently facing:
PHASE 1
- Red Hat IdM with AD trust configured (non-posix)
- override the UID of AD users in IdM
- on the clients, run id <username>; the correct (overwritten) UID and an
auto-generated GID are displayed
PHASE 2
- overwrite the GID as well on IdM
- on the clients, the old auto-generated GID is still displayed (after sss_cache -E and
a restart of sssd) when I run id <username>
- remove everything in /var/lib/sss/db, restart sssd and run id <username> - no
user found
- getent group <username> - new overwritten GID is displayed
- id <username> displays the correct UID and GID
For the users who are not in cache, restarting sssd seems to be enough (although I did not
test it thoroughly).
My question is:
What do I have to do on the client in order to have the latest information from the IdM
override? Apparently sss_cache -E and restarting sssd are not enough.
Do we always need to remove everything in /var/lib/sss/db in order to have the latest
information from the server?