On Tue, Nov 06, 2018 at 05:22:52PM -0500, Tom wrote: > Just a general question about the behaviour of sss_cache , is and ldapsearch. > > Id will return say 8 groups and for the same user ldapsearch will return 10. > > Now as long as if returns 8 apps report authentication denied because the > user is not in an expected group. Now when we run sss_cache -E to invalidate > the cache, id Will now return all 10 groups. > > Now the group change was done days ago and our entry_cache_timeout is at > default of 5400. > > Why do we still need to run sss_cache -E if the timeout should take care of > things? We are directly authenticated against AD via computer objects. > > Just asking a general question as I’m curious how this works.
Sounds like an issue, can you capture it with logs? _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org
