30.7. Deleting Domain Cache Files

SSSD can define multiple domains of the same type and different types of domain. SSSD maintains a separate database file for each domain, meaning each domain has its own cache. These cache files are stored in the /var/lib/sss/db/ directory.
If there is ever a problem with a domain, it is easy to purge the cache by stopping SSSD and deleting the cache file for that domain.
All cache files are named for the domain. For example, for a domain named exampleldap, the cache file is named cache_exampleldap.ldb.
Be careful when you delete a cache file. This operation has significant effects:
  • Deleting the cache file deletes all user data, both identification and cached credentials. Consequently, do not delete a cache file unless the system is online and can authenticate with a username against the domain's servers. Without a credentials cache, offline authentication will fail.
  • If the configuration is changed to reference a different identity provider, SSSD will recognize users from both providers until the cached entries from the original provider time out.
    It is possible to avoid this by purging the cache, but the better option is to use a different domain name for the new provider. When SSSD is restarted, it creates a new cache file with the new name and the old file is ignored.