Hello all,
I found the following URL, which "corrected" the problem using the
workaround provided by Thorsten - although it should be fixed in our
SSSD version (1.16.2.13):
https://bugzilla.redhat.com/show_bug.cgi?id=1359208
Thanks!
John DeSantis
Il giorno mer 3 apr 2019 alle ore 15:57 John Desantis
<desantis(a)mail.usf.edu> ha scritto:
>
> Hello all!
>
> Due to how our organization is moving, we'll be forced to upgrade our
> current IPA installation. In a nutshell, this involves using a
> one-way AD trust.
>
> So, with the latest versions of RHEL and IPA offered on our Satellite
> server, I was able to get an installation up and running and AD trust
> established; because of the work of all of the IPA developers, this
> was quite easy - THANK YOU.
>
> I've noticed that there seems to be a major delay in how often an
> external user's group membership is updated. In fact, it seems that I
> have to run sss_cache -u against the external user in order to verify
> additions/removals from the group in question.
>
> Since I'm still in a testing phase, I am performing the queries on the
> only two provisioned nodes in the new realm, the IPA servers
> themselves. Has any other user with the same configuration run into
> this issue, too? If so, anything to double-check?
>
> I'm certain that this is an sss configuration issue, but after
> searching through google and this mailing list, I can't seem to find
> any real "solution".
>
> Thanks,
> John DeSantis