Group membership changes propagate in our environment just fine within a
reasonable period of time. What should we be talking by default,
5 minutes?
Hi
OK. I've just removed a user from a group and logged in as that
user. After 30 minutes id, getent and tests on what he can access
still show him to be a member. That's too long.
From man sssd.conf:
    entry_cache_timeout (integer)
        How many seconds should nss_sss consider entries valid
        before asking the backend again

        Default: 5400
So the default cache lifetime is 5400 seconds, you can set a shorter one
if you need the entries to be updated more frequently.
Hi.
It has no effect. I set:
    entry_cache_timeout = 10
and restarted sssd, waited for a minute or so but still getent, id and
permissions of the user were still those of being a group member. This suggests
that the cache is still being consulted. It sometimes works, but after a
variable length of time. The current test (removing a user from a group) has
been running for 20 minutes but still the user is a member of the group. Stuck!
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel