| Summary: | entry_cahe_timeout has no effect on timestamps ldb cache | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Amith <apeetham> |
| Component: | sssd | Assignee: | SSSD Maintainers <sssd-maint> |
| Status: | CLOSED NOTABUG | QA Contact: | Steeve Goveas <sgoveas> |
| Severity: | high | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 7.3 | CC: | grajaiya, jhrozek, lslebodn, mkosek, mzidek, pbrezina |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2016-09-06 05:57:41 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
Description
Amith
2016-09-05 18:39:46 UTC
(In reply to Amith from comment #0)
> Description of problem:
> Setting a short expire timeout in sssd.conf should expire user records. And
> then subsequent user lookup should update the timestamps cache. Since no
> changes were made to the user record in server, the dataExpireTimestamp
> should be different for the user entry in both ldb caches. In this case, I
> don't see any difference.
>
> Version-Release number of selected component (if applicable):
> sssd-1.14.0-34.el7.x86_64
>
> How reproducible:
> Always
>
> Steps to Reproduce:
> 1. Setup Rhel-7.3 with SSSD client against 389-ds LDAP provider
>
> 2. Set entry_cahe_timeout = 40 in sssd.conf
>
> SSSD.CONF FILE
> ----------------------------------
> [sssd]
> config_file_version = 2
> domains = LDAP
> services = nss, pam
>
> [domain/LDAP]
> id_provider = ldap
> auth_provider = ldap
> #enumerate = true
> debug_level = 0xFFF0
> cache_credentials = FALSE
> ldap_uri = ldaps://<Ldap_server>
> ldap_tls_cacert = /etc/openldap/certs/cacert.asc
> ldap_search_base = dc=example,dc=com
> entry_cahe_timeout = 40
>
> 3. Clean cache and restart sssd service.
> # sssctl cache-remove -ops
> Creating backup of local data...
> Removing cache files...
>
> 4. Run a user lookup.
>
> # getent passwd -s sss testuser
> testuser:*:21201:21201:testuser:/home/testuser:/bin/bash
>
> 5. Note the dataExpireTimestamp values from both caches.
>
> # ldbsearch -H cache_LDAP.ldb -b "name=testuser@ldap,cn=users,cn=LDAP,cn=sysdb" | grep dataExpireTimestamp
> asq: Unable to register control with rootdse!
> dataExpireTimestamp: 1473105459
>
> # ldbsearch -H timestamps_LDAP.ldb -b "name=testuser@ldap,cn=users,cn=LDAP,cn=sysdb" | grep dataExpireTimestamp
> dataExpireTimestamp: 1473105459
>
> 6. After 60 seconds, run user lookup again.
> # getent passwd -s sss testuser
> testuser:*:21201:21201:testuser:/home/testuser:/bin/bash
>
> 7. Verify the difference in dataExpireTimestamp values from both caches.
> # ldbsearch -H cache_LDAP.ldb -b "name=testuser@ldap,cn=users,cn=LDAP,cn=sysdb" | grep dataExpireTimestamp
> asq: Unable to register control with rootdse!
> dataExpireTimestamp: 1473105459
>
> # ldbsearch -H timestamps_LDAP.ldb -b "name=testuser@ldap,cn=users,cn=LDAP,cn=sysdb" | grep dataExpireTimestamp
> dataExpireTimestamp: 1473105459
>
>
> Actual results:
> Timestamps cache remains unchanged.
>

It is expected result because entry is returned from memory cache and therefore it could not be refreshed from LDAP.

For this test case, you need to:
* either disable lookup in memory cache (man sssd.conf -> SSS_NSS_USE_MEMCACHE)
* or memcache_timeout needs to have lower value than entry_cahe_timeout
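The interaction described in the reply, as an added example that is not part of the bug report or SSSD's own code: it reads an sssd.conf, works out the effective timeouts, and says whether a lookup repeated after a given wait can reach the provider. The option names and defaults (entry_cache_timeout 5400 s, memcache_timeout 300 s in [nss]) are assumptions taken from sssd.conf(5), the function name and the cache model are hypothetical simplifications, and the near-miss check is included because the sketch only reads keys spelled exactly like those option names.

```python
import configparser
import difflib

# Option names and defaults as documented in sssd.conf(5); assumed, not from the bug page.
DEFAULTS = {"entry_cache_timeout": 5400, "memcache_timeout": 300}

# Constructed sample modelled on the posted sssd.conf, keys spelled as in the report.
POSTED = """\
[sssd]
config_file_version = 2
domains = LDAP
services = nss, pam

[domain/LDAP]
id_provider = ldap
entry_cahe_timeout = 40
"""

def second_lookup(conf_text, wait_seconds):
    """Per domain: effective timeouts, near-miss keys, and whether a lookup
    repeated after wait_seconds can reach the provider (simplified model)."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    memcache = cp.getint("nss", "memcache_timeout",
                         fallback=DEFAULTS["memcache_timeout"])
    report = {}
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue
        # Keys that resemble a known option name but are not spelled like one.
        near = [(k, m[0]) for k in cp[section]
                for m in [difflib.get_close_matches(k, list(DEFAULTS), n=1, cutoff=0.85)]
                if m and m[0] != k]
        entry = cp.getint(section, "entry_cache_timeout",
                          fallback=DEFAULTS["entry_cache_timeout"])
        from_memcache = wait_seconds < memcache  # the client reads the memory cache first
        report[section] = {
            "entry_cache_timeout": entry,
            "memcache_timeout": memcache,
            "near_miss_keys": near,
            "served_from_memcache": from_memcache,
            "refreshed_from_provider": not from_memcache and wait_seconds >= entry,
        }
    return report

if __name__ == "__main__":
    for domain, result in second_lookup(POSTED, 60).items():
        print(domain, result)
```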