[Freeipa-users] Different cache on 2 IPA servers
Troels Hansen
th at casalogic.dk
Wed Jan 11 12:33:27 UTC 2017
Hi Sumit
----- On Jan 11, 2017, at 12:51 PM, Sumit Bose sbose at redhat.com wrote:
>
> I guess this is because the last update on one server was done with data
> from LDAP while the other used data from the Global Catalog. In general
> missing data in the GC should not remove the data read from LDAP, there
> is already https://fedorahosted.org/sssd/ticket/2474 to track this.
As always, looks spot on, and explains what we saw.
>
> We plan to allow to configure sub-domains individually in one of the
> next releases, see https://fedorahosted.org/sssd/ticket/2599 .
>
> In the meantime you might want to try id-overrides for users which have
> /bin/false set as shell in AD?
>
Yes, it would be nice to have the ability to configure individual things on the AD domains.
For now, we'll implement ID override on users who we find to have this problem.
More information about the Freeipa-users
mailing list