[Freeipa-users] How long should it take to propagate user role changes?
Martin Bašti
mbasti at redhat.com
Thu Apr 6 07:11:32 UTC 2017
On 06.04.2017 01:57, Greg Gilbert wrote:
> Hey. I'm a bit new to FreeIPA, so apologies if this has already been
> addressed. For reference, I'm running FreeIPA 4.4 server on CentOS 7,
> and FreeIPA client 4.3.1 on Ubuntu nodes.
>
> I've noticed that when I make changes to policies, it either takes a
> long time to propagate out to the client nodes, or requires a manual
> restart of the sssd service. In this case, I'm testing adding and
> removing a user from a sudo rule. Is this the correct behavior, or is
> there a misconfiguration on my part somewhere?
>
> - greg
>
Hello,
it is caused by SSSD caches, to refresh particular objects in cache see
`man sss_cache`.
You can lower TTL for records in cache, but the lower TTL, the higher
load on server (`man sssd.conf` search for cache).
Martin
--
Martin Bašti
Software Engineer
Red Hat Czech
More information about the Freeipa-users
mailing list