Re: SSSD and cache persistence




On Mon, 6 Aug 2018, Pete Biggs wrote:


> I have a large number of CentOS machines (both 6 & 7) getting account
> information from an LDAP database using SSSD. It all works fine and is
> fairly reliable.
>
> However, I'm having problems with persuading the caching system to
> forget about users when they are deleted from LDAP.
>
> I know about sss_cache with either -E or -U options, but that doesn't
> delete anything, just invalidates the cache entry.
>
> If the cache is invalid SSS will, obviously, go back to the source and
> return the information there, however, bizarrely, if the original
> source doesn't have the information (like when a user is deleted) the
> cached information is still returned. That cached information is
> retained for ever it seems so my supposedly deleted user accounts still
> appear to be active on the machines.
>
> And it also seems you can't actually turn off caching - even though
> there are options in sssd.conf to do so. It looks like the
> "cache_credentials = False" option still caches things, but just acts
> like the entries are always invalid.
>
> I can of course do
>
>  stop sssd
>  delete the contents of /var/lib/sss/db
>  start sssd
>
> and that's what I do when things become an issue. But surely there is a
> better way of SSSD actually realising that a user has been deleted from
> LDAP?

Concerning a wedged cache, deleting the relevant *.ldb files from /var/lib/sss/db is the only solution that's worked for me, though I've had to resort to it only a couple of times.

I've never tried disabling the cache, so I'm no help there.

--
Paul Heinlein
heinlein@xxxxxxxxxx
45°38' N, 122°6' W
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
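
The symptom described in this thread, a user deleted from LDAP that a host still resolves from the SSSD cache, can be checked for before deciding whether the cache needs to be wiped. The following is an added example, not part of the original thread: the function names, the three input files and the sample accounts are constructed assumptions, and the inputs are plain files so the comparison runs offline.

```shell
#!/bin/sh
# Added example (not from the thread): report accounts a host still resolves
# although they have been deleted from LDAP.
# Assumed inputs, all plain text files:
#   $1  names to check, one per line (e.g. an earlier LDAP export)
#   $2  current LDAP export, one uid per line
#   $3  passwd-format lines the host returned for the names in $1
#       (on a real host, collected with: getent -s sss passwd <name>)

stale_accounts() {
    candidates=$1 ldap_now=$2 resolved=$3
    work=$(mktemp -d) || return 1
    # comm needs sorted input; force one collation order for sort and comm
    LC_ALL=C sort -u "$candidates" > "$work/cand"
    LC_ALL=C sort -u "$ldap_now"   > "$work/ldap"
    cut -d: -f1 "$resolved" | LC_ALL=C sort -u > "$work/host"
    # first comm: candidates no longer in LDAP (deleted accounts)
    # second comm: of those, the ones the host still resolves (stale)
    LC_ALL=C comm -23 "$work/cand" "$work/ldap" | LC_ALL=C comm -12 - "$work/host"
    rm -rf "$work"
}

# Constructed sample data: bob and dave were deleted from LDAP;
# the host still returns an entry for bob but no longer for dave.
demo_stale() {
    d=$(mktemp -d) || return 1
    printf '%s\n' alice bob carol dave > "$d/previous"
    printf '%s\n' alice carol > "$d/ldap_now"
    printf '%s\n' \
        'alice:*:1001:1001:Alice:/home/alice:/bin/bash' \
        'bob:*:1002:1002:Bob:/home/bob:/bin/bash' \
        'carol:*:1003:1003:Carol:/home/carol:/bin/bash' > "$d/resolved"
    stale_accounts "$d/previous" "$d/ldap_now" "$d/resolved"
    rm -rf "$d"
}

demo_stale
```

Any name this prints is a deleted account that the host still treats as present, which is the case where the stop, delete and start procedure quoted above applies.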



