Bug 1031073

Summary: sss_cache does not povide options to invalidate sudo rules from cache
Product: Red Hat Enterprise Linux 6 Reporter: Ron van der Wees <rvdwees>
Component: sssdAssignee: Jakub Hrozek <jhrozek>
Status: CLOSED DUPLICATE QA Contact: Kaushik Banerjee <kbanerje>
Severity: medium Docs Contact:
Priority: medium    
Version: 6.4CC: dpal, grajaiya, jgalipea, lslebodn, mkosek, pbrezina
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1031074 (view as bug list) Environment:
Last Closed: 2013-12-03 13:23:29 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1031074    

Description Ron van der Wees 2013-11-15 14:51:47 UTC 
Description of problem:
The sss_cache utility performs cleanups of the SSSD cache. Currently there is no option to clear the cached sudo rules.


Version-Release number of selected component (if applicable):
sssd-1.9.2-82


How reproducible:
Always


Steps to Reproduce:
1. Configure IPA server and add sudo rules
2. Configure SSSD client and enable sudo caching as per the RHEL-6 Identity
   Management guide as found at:
   https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html-single/Identity_Management_Guide/index.html#sudo
3. Use sudo to cache some rules
4. Check the cache with
~~~
ldbsearch -H /var/lib/sss/db/cache_<domain>.ldb \
  -b cn=sudorules,cn=custom,cn=LDAP,cn=sysdb
~~~
5. Invalidate the cached sudo rules with sss_cache


Actual results:
The sss_cache utility does not have options to invalidate the sudo rules.


Expected results:
Same as with for example users and groups, be able to invalidate the cached
sudo rules with sss_cache.


Additional info:
Upstream ticket: https://fedorahosted.org/sssd/ticket/2081
Comment 1 Jakub Hrozek 2013-11-15 15:08:19 UTC 
Upstream ticket:
https://fedorahosted.org/sssd/ticket/2081
Comment 4 Jakub Hrozek 2013-12-03 13:23:29 UTC 
With comment #3 in mind I'm going to close this report and track the RFE in the RHEL7 bugzilla for the time being.

*** This bug has been marked as a duplicate of bug 1031074 ***