On (28/11/16 22:02), Jakub Hrozek wrote:
On Mon, Nov 28, 2016 at 07:32:20PM -0000, docbook.xml(a)gmail.com
> We are using the Netgroups in the Sudoer Rules Host. When a host is added to the
> correct netgroup, the admin should be able to execute the appropriate sudoers commands
> immediately or in a small time frame. Right now sss_cache -E needs to be executed to get the
> new netgroups down to the host. Which is cumbersome.
"sss_cache -N" should be enough.
You can also decrease the general cache validity timeout of netgroups:
but of course that would cause /all/ netgroup requests to hit the server
As I wrote in that might help if 1.5 hour is not enough for your
I do not know how often you change netgroups in LDAP, how many
netgroups you have in LDAP, and how many clients you have connected
to the directory server. Because too small a value (5 minutes) could create
high load on the LDAP server if you have many clients.