[Freeipa-users] Is there any delay after applied rules to user?
Dewangga Bachrul Alam
dewanggaba at xtremenitro.org
Fri Jul 31 02:19:30 UTC 2015
Hello!
Sorry for making you confused.
The main problem is the cache on ipa server/client. How long the cache
remain active and refresh with correct policy/rules.
Whenever I set the sudo rules, modify another configuration (policy,
etc), it's always have delay.
And until now, the global_policy still didn't use correct configuration.
It's still using min 0, max 0 configuration (I set this policy
yesterday, and was revert it back to min 1 max 90 on yesterday too)
Any hints?
On 07/31/2015 01:47 AM, Jakub Hrozek wrote:
> On Thu, Jul 30, 2015 at 09:50:23PM +0700, Dewangga Bachrul Alam wrote:
>> Hello!
>>
>> I don't know start from where to tracking down this issue. I found
>> another something interesting.
>>
>> 1. Set `global_policy` password expired (both min and max) to 0 (zero)
>> 2. Add user called `dummy`
>> 3. Set global_policy password expired min (1) and max (90).
>> 4. Add user called `dummy2`
>>
>> Both user dummy and dummy2 have same password expiration :D
>> This problem is same with assign sudo/group to user.
>>
>> I was set debug_level = 7 to following section in sssd.conf :
>>
>> [domain/mydomain.co.id]
>> .. debug_level = 7 ..
>>
>> [sssd]
>> .. debug_level = 7 ..
>>
>> [sudo]
>> .. debug_level = 7 ..
>>
>> I didn't find any related information about the 4 step above.
>
> I'm sorry, but I'm getting a bit confused about what is and what is not
> the problem. Can we take a step back and see what works in your
> environment and what does not?
>
> Can you describe the workflow?
>
More information about the Freeipa-users
mailing list