[Freeipa-users] AD Integration change propagation timing
Michael ORourke
mrorourke at earthlink.net
Fri Apr 8 02:28:22 UTC 2016
I have a question regarding AD Integration with FreeIPA (CentOS
7.1/freeipa 4.2.0) and Windows Server 2008 R2 with a Functional Level
forest of 2008 R2. Given a simple scenario of a group in active
directory that is mapped to a POSIX group in FreeIPA, if a change is
made on the AD side such as adding a user to an AD group, how long
should it take on the FreeIPA side before the change would show up?
What would the maximum time it could take before the change propagates
to a server joined to FreeIPA? What if a user was logged into the
server and was waiting on the change (assuming the MS PAC was cached by
sssd)? This would be for a simple forest trust with FreeIPA and a
medium/small AD environment. Also, assuming that sssd was not restarted
and/or the cache flushed.
I'm not looking for exact timing, just some estimates.
Thanks,
Mike
More information about the Freeipa-users
mailing list