[Freeipa-devel] [freeipa PR#516][comment] IdM Server: list all Employees with matching Smart Card
dkupka
freeipa-github-notification at redhat.com
Tue Mar 7 16:29:59 UTC 2017
URL: https://github.com/freeipa/freeipa/pull/516
Title: #516: IdM Server: list all Employees with matching Smart Card
dkupka commented:
"""
@flo-renaud While playing with this command I've noticed one disturbing fact. Because we rely on SSSD and SSSD rely its cache we will likely return inaccurate result.
I'm thinking about use-case when admin calls certmap-match to list current users mapped to the certificate. Then he performs some changes and calls certmap-match again to verify his changes. At that point SSSD may use cache and return obsolete result.
One possible solution would be expiring the cache on every certmap-match call but that can easily have serious performance impact.
"""
See the full comment at https://github.com/freeipa/freeipa/pull/516#issuecomment-284774035
More information about the Freeipa-devel
mailing list