Learn more about these different git repos.
Other Git URLs
Consider the group ipausers which contains all the users on a typical IPA installation.
ipausers
After login and initgroups, I can see I'm a member of different groups including ipausers which contains 100+ users in my case:
-sh-4.1$ id uid=1060400019(membertest) gid=1060400019(membertest) groups=1060400019(membertest),1060400001(ipausers),1060400020(testgroup) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
But only this single user is a member of the group.
-sh-4.1$ getent group ipausers ipausers:*:1060400001:membertest
In contrast, when I get the group info with cold cache, all the users are populated.
Right now, the code paths for IPA and AD are common. One solution might be to save the member attributes as we do now. If the code tries to save a user that is not cached yet, mark that group as expired. That would force a refresh next time getgrnam/getgrgid is called on that group.
That refresh might be expensive, but I think it is not a big penalty because this refresh is done when getgrnam/gid is called for a non-cached group anyway.
Fields changed
milestone: NEEDS_TRIAGE => SSSD 1.5.3 owner: somebody => jhrozek
component: SSSD => IPA Provider
master: 24be43b
sssd1.5: ea65835
resolution: => fixed status: new => closed
rhbz: => 0
Metadata Update from @jhrozek: - Issue assigned to jhrozek - Issue set to the milestone: SSSD 1.5.4
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/1864
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.