On Thu, Sep 12, 2019 at 12:50 PM Hinrikus Wolf <hinri...@fsmpi.rwth-aachen.de> wrote:
> I have implemented the ldap_saerch_base. But the disabled users > are still listed in > > > getent passwd > > That means they are present for PAM. Not necessarily. If you did not wipe the sssd cache after you changed the configuration, sssd can still return hits from the cache, even if those entries are no longer in the data provider. This is probably more than is necessary, but this is how I wipe the cache: $ systemctl stop sssd.service $ rm /var/lib/sss/db/* /var/lib/sss/mc/* /var/lib/sss/pipes/* \ /var/lib/sss/pipes/private/* /var/lib/sss/pubconf/* \ /var/lib/sss/pubconf/krb5.include.d/* $ systemctl start sssd.service If you do that, you should only see entries returned if the data provider finds them. _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org