[Freeipa-users] FreeIPA user ID differs
Lukas Slebodnik
lslebodn at redhat.com
Wed Aug 5 13:20:22 UTC 2015
On (05/08/15 13:02), Markus.Moj at mc.ingenico.com wrote:
>Hey,
>
>I´ve wiped sss_cache before I tried again and restarted the service.
sss_cache just invalidate cache. It does not wipe out it.
It means that sssd must not return value from cache but it shoudl refresh it
from LDAP server
>Nevertheless the problem still persists. Beyond the problem is only located
>on one FreeIPA host. Other hosts have received the updates
>or see the correct values.
What do you mean by "FreeIPA host"?
Is it ipa server/replica or ipa client?
As it was already mantioned int is thread the compat tree is generated
dynamically based on the cn=accounts tree and from information retrieved
by server-mode SSSD.
I would suggest try following steps
1) invalidate sssd cache on ipa server
2) check UID/GID on ipa server (id, getent passwd, getent group ...)
3) check compat tree with ldapsearch
4) invalidate sssd cache on ipa client
5) check UID/GID on ipa client (id, getent passwd, getent group ...)
LS
More information about the Freeipa-users
mailing list