[Freeipa-users] get freeipa to update ad users and groups more often
Jakub Hrozek
jhrozek at redhat.com
Wed May 4 14:41:36 UTC 2016
On Wed, May 04, 2016 at 04:20:19PM +0200, Rob Verduijn wrote:
> This goes especially for ad groups that are bested in ipa_groups
>
> ie :
> microsft group is defined as an external group,
> and that external group is member of an ipa group
> and that ipa group takes forever.
>
> Regards
> Rob Verduijn
All the work in this area is done by sssd on the server. The sssd there
runs a periodical task to re-fetch new external groups memberships every
10 seconds. So I would expect the group memberships to turn up after 10
seconds at worst.
Are you sure (from sssd logs) that maybe sssd is not going into offline
state and just consults its cache?
>
>
> 2016-05-04 16:10 GMT+02:00 Rob Verduijn <rob.verduijn at gmail.com>:
> > Hello,
> >
> > I'm using a trust to microsoft active directory to allow users access
> > to linux servers.
> >
> > But when a user is added it takes a very long time for ipa to register this.
> > And even more time for the ipa clients since they have to wait for the
> > ipa servers.
> >
> > Since I hate to tell the users to wait for a couple hours, and also I
> > do not like to clean up the sssd cache folder each time a new user
> > appears.
> >
> > Is there a way to tell ipa and all clients to refresh their cache ?
> >
> > Regards
> > Rob Verduijn
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
More information about the Freeipa-users
mailing list