Learn more about these different git repos.
Other Git URLs
https://bugzilla.redhat.com/show_bug.cgi?id=766148
With nscd, if you updated ldap and wanted to quickly clear a nss group, you could do something like: nscd -i group; nscd -i passwd
With sssd, the only way I've found that works consistently is blowing away the ldap cache file or sometimes just restarting sssd. It would be nice to include a flag to the sssd daemon or a utility to do this. With a few additions to the python api, it would be trivial to write a utility to do this.
Fields changed
milestone: NEEDS_TRIAGE => SSSD 1.6.0
owner: somebody => jhrozek
owner: jhrozek => jzeleny
status: new => assigned
I just realized we never documented in this bug how we planned to resolve this.
We intend to write a simple tool that will forcibly reset the dataExpireTimestamp for all entries in the cache. This is a safer way to purge the cache than removing the cache database, for two reasons. 1. It will retain any cached credentials 1. It does not remove the entries from the cache, so if SSSD goes offline after a purge, but before the entries have actually been refreshed, they will still be accessible.
The tool at minimum should support the following modes of operation: 1. Expire all entries in the cache 1. Expire all entries of one type (users, groups, netgroups)
An optional but nice-to-have feature would be the ability to expire individual entries as well. ({{{sysdb_user_dn()}}} and {{{sysdb_group_dn()}}} would probably make this easy)
patch: => 1
Fixed by: - 9dfa22c - f62b9b4 - c737e14 - 46b78b8 - 13857cf
component: SSSD => sss_tools resolution: => fixed status: assigned => closed
description: With nscd, if you updated ldap and wanted to quickly clear a nss group, you could do something like: nscd -i group; nscd -i passwd
With sssd, the only way I've found that works consistently is blowing away the ldap cache file or sometimes just restarting sssd. It would be nice to include a flag to the sssd daemon or a utility to do this. With a few additions to the python api, it would be trivial to write a utility to do this. => https://bugzilla.redhat.com/show_bug.cgi?id=766148
With sssd, the only way I've found that works consistently is blowing away the ldap cache file or sometimes just restarting sssd. It would be nice to include a flag to the sssd daemon or a utility to do this. With a few additions to the python api, it would be trivial to write a utility to do this. rhbz: =>
rhbz: => [https://bugzilla.redhat.com/show_bug.cgi?id=766148 766148]
Metadata Update from @sejeff: - Issue assigned to jzeleny - Issue set to the milestone: SSSD 1.6.0
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/1829
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.