[Freeipa-users] Incorrect user information

Jakub Hrozek jhrozek at redhat.com
Wed Sep 4 15:31:43 UTC 2013


On Wed, Sep 04, 2013 at 09:40:29AM -0500, cbulist at gmail.com wrote:
> Hi,
> 
> We have a freeipa server (RedHat 6.3, freeipa:3.0.0-26) and freeipa
> client (RedHat 5.9, freeipa client 2.1.3.-5) working in our testing
> scenario without further problems. We are able to use SUDO, HBAC etc.
> Our problem is when we change a user info (Name or Last Name) and check
> it using the command: getent passwd id_user it showed us the older user
> information.
> We set entry_cache_user_timeout = 0 in sssd.conf file in order to clear
> the cache data but it did not work. Also we tried with:
> use_fully_qualified_domains attribute as recommended in:
> https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/SSSD-Troubleshooting.html#idp26289072
> but it was not helpful.
> 
> If we check the user info using ldapsearch command we can see the right
> user info information. Changing the uid or gid we see the new change
> right away.
> Any clue about this problem?

One more additional point about why changing the timestamp might not
have had the effect you wanted. The cache validity that controls when
the entry is refreshed from the cache is stored in the cache as a UNIX
timestamp. So whenever you change the timeout, you also need to
invalidate the cache using the sss_cache tool.

Running the sss_cache tool sets the cache expiration timestamp to 1
(beginning of the Epoch) to force refresh on next query.

Arguably this is not documented well in the sssd.conf manual page, so
I've sent a patch to the upstream development list to document this
behaviour better.
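
The behaviour described in the reply above, as an added example that is not part of the original message and is not SSSD source code: a simplified model of a cache that stores an absolute expiry timestamp per entry. The class, the names and the sample data are assumptions made for illustration.

```python
# Simplified model of a timestamp-based entry cache (illustration only,
# not SSSD code). All names and sample values below are constructed.
EXPIRED = 1  # the reply says sss_cache sets the expiration timestamp to 1


class EntryCache:
    def __init__(self, backend, timeout):
        self.backend = backend   # dict standing in for the directory server
        self.timeout = timeout   # models entry_cache_user_timeout
        self.entries = {}        # name -> (value, absolute expiry timestamp)

    def lookup(self, name, now):
        cached = self.entries.get(name)
        if cached and cached[1] > now:
            return cached[0]     # entry still valid: backend is not queried
        value = self.backend[name]
        # The expiry is computed once, at store time, from the timeout
        # that is configured at that moment.
        self.entries[name] = (value, now + self.timeout)
        return value

    def invalidate(self, name):
        # Keep the cached data but mark it as expired long ago.
        value, _ = self.entries[name]
        self.entries[name] = (value, EXPIRED)


def demo():
    server = {"jdoe": "John Doe"}              # constructed sample entry
    cache = EntryCache(server, timeout=5400)
    t = 1_378_300_000                          # constructed "current time"
    seen = [cache.lookup("jdoe", t)]           # stored with expiry t + 5400

    server["jdoe"] = "John Smith"              # name changed on the server
    cache.timeout = 0                          # timeout lowered afterwards
    seen.append(cache.lookup("jdoe", t + 60))  # stale: stored expiry unchanged

    cache.invalidate("jdoe")                   # models running sss_cache
    seen.append(cache.lookup("jdoe", t + 61))  # expired, so refreshed
    return seen


if __name__ == "__main__":
    print(demo())
```

The second lookup still returns the old name because the expiry written before the timeout change is what gets compared against the current time; only after the invalidation does the lookup fetch the new value.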



