Getent group <group> returns incomplete member list after enumeration switched off in sssd

Solution Unverified - Updated -

Issue

  • When a user is removed from the cache after the normal timeout, the groups he is a member of no longer list the user when doing a "getent group".
  • The situation lasts until the group is updated (typically 45 minutes).
  • What I see is that the sssd_cache does not have the user restored as a "ghost": when the user expires, the user is removed as a group member but is not restored as a "ghost" member.
  • This only happens after the group expires. This means that for about 45 minutes a "getent group" does not show the user as a member.

Environment

  • Red Hat Enterprise Linux (RHEL) 6.6
  • System Security Services Daemon (SSSD) 1.11.6-30.el6
  • Enumeration turned off
