sss_cache does not invalidate netgroups

Solution Verified - Updated -

Issue

  • sss_cache somehow fails to invalidate netgroup entries from LDAP when entry is changed. We use netgroups to control login to hosts via access.conf.
  • When adding(or removing) an entry in the LDAP netgroup, sssd does not update its cache until either a restart, reboot or deleting of the cache db. sss_cache does not help.

For example:

# getent netgroup netgr
// shows netgroup, expected

(remove netgroup from LDAP) 
# sss_cache -N 

# getent netgroup netgr
// still shows the netgroup, should not

Environment

  • Red Hat Enterprise Linux 6.4
  • sssd-1.9.2

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content