[Freeipa-users] Trusted Domain Users - entry_cache_timeout
Jakub Hrozek
jhrozek at redhat.com
Thu Dec 10 10:43:48 UTC 2015
On Thu, Dec 10, 2015 at 11:25:57AM +0100, Martin Kosek wrote:
> On 12/09/2015 12:58 PM, Winfried de Heiden wrote:
> > Hi all,
> >
> > Using entry_cache_timeout to set different cache timeout for sssd works well.
> > However, it doesn't seem to work for Trusted Domain Users (using AD trust)
> >
> > I made some changes, cleaned the cache but expiry will stay on a (too long) 10
> > (ten!) hours!
> >
> > How can I change the sssd cache timeout for Trusted AD users ? (using IPA 4.1)
> >
> > Kind regards!
>
> I assume the option has to be specified in the respective AD domain section.
> Can you share your anonymized sssd.conf so that we can verify your settings?
Looks like I'm having issues replying to the freeipa-users list or maybe
the mails are stuck in moderation.
Let me paste the mail I sent yesterday:
~~~~~~~~~~~~~~~
Since it's the IPA master that fetches the identity data from the AD
server, you also need to change the cache timeouts on the server. In
addition, the cache time lifetime is stored in the cache entry itself,
so you might want to invalidate the cache with sss_cache on both the
server and the client.
~~~~~~~~~~~~~~~
More information about the Freeipa-users
mailing list