Learn more about these different git repos.
Other Git URLs
Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 6): Bug 1295883
Description of problem: Enabling 'refresh_expired_interval' in the domain/LDAP section stops calls to sss_cache from expiring data. Version-Release number of selected component (if applicable): sssd-1.12.4-47.el6_7.4.x86_64 How reproducible: Everytime Steps to Reproduce: 1. Setup sssd.conf against an ldap server. 2. Add 'refresh_expired_interval = 1234' to the [domain/LDAP] section 3. Query a netgroup # getent netgroup testgroup testgroup ( ,user1,) ( ,user2,) ( ,user3,) 4. Modify the group external to remove user3 5. Call sss_cache to expire the group # sss_cache -n testgroup 6. Verify netgroup # getent netgroup testgroup testgroup ( ,user1,) ( ,user2,) ( ,user3,) For this step I'm also watching the sssd_LDAP.log with debug=9. Following is the output during steps 4/5 (Tue Jan 5 16:59:38 2016) [sssd[be[LDAP]]] [sbus_dispatch] (0x4000): dbus conn: 0x1477920 (Tue Jan 5 16:59:38 2016) [sssd[be[LDAP]]] [sbus_dispatch] (0x4000): Dispatching. (Tue Jan 5 16:59:38 2016) [sssd[be[LDAP]]] [sbus_message_handler] (0x4000): Received SBUS method [rotateLogs] (Tue Jan 5 16:59:38 2016) [sssd[be[LDAP]]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit (Tue Jan 5 16:59:38 2016) [sssd[be[LDAP]]] [sbus_handler_got_caller_id] (0x4000): Received SBUS method [rotateLogs] (Tue Jan 5 16:59:39 2016) [sssd[be[LDAP]]] [sbus_dispatch] (0x4000): dbus conn: 0x1477920 (Tue Jan 5 16:59:39 2016) [sssd[be[LDAP]]] [sbus_dispatch] (0x4000): Dispatching. (Tue Jan 5 16:59:39 2016) [sssd[be[LDAP]]] [sbus_message_handler] (0x4000): Received SBUS method [ping] (Tue Jan 5 16:59:39 2016) [sssd[be[LDAP]]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit (Tue Jan 5 16:59:39 2016) [sssd[be[LDAP]]] [sbus_handler_got_caller_id] (0x4000): Received SBUS method [ping] Without 'refresh_expired_interval' set you can see if going off to the ldap server and re-caching results on the getent query and it returns the results correctly. The changelog for 1.12.5 does list some enhancements for 'refresh_expired_interval' so perhaps it is fixed there, but I don't have a Fedora system to test on.
Fields changed
blockedby: => blocking: => changelog: => coverity: => design: => design_review: => 0 feature_milestone: => fedora_test_page: => mark: no => 0 milestone: NEEDS_TRIAGE => SSSD 1.13.4 owner: somebody => mzidek review: True => 0 selected: => testsupdated: => 0
Bumping priority, this is an important ticket for our downstream.
priority: major => critical
patch: 0 => 1
master:
sssd-1-13:
resolution: => fixed status: new => closed
Metadata Update from @pbrezina: - Issue assigned to mzidek - Issue set to the milestone: SSSD 1.13.4
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/3953
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.