Bug 1818878

Summary: sss_cache - clarify intended use and limitations
Product: Red Hat Enterprise Linux 8 Reporter: Martin Kosek <mkosek>
Component: sssdAssignee: Sumit Bose <sbose>
Status: CLOSED ERRATA QA Contact: Jakub Vavra <jvavra>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 8.2CC: aboscatt, atikhono, dlavu, grajaiya, hartsjc, hkhot, jhrozek, lslebodn, mzidek, pbrezina, rbeyel, tscherf
Target Milestone: rcKeywords: Triaged
Target Release: 8.0Flags: pm-rhel: mirror+
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: sync-to-jira
Fixed In Version: sssd-2.5.2-1.el8 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-11-09 19:46:33 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Martin Kosek 2020-03-30 15:26:34 UTC 
Description of problem:
sss_cache is may be used to force invalidation of cached data and thus forcing up-to-date data into SSSD cache. However, this approach has own performance limitations (with sshd or other long-running processes leaving open FDs to deleted old versions of the cache).

Thanks to the limitations, sss_cache is typically not recommended as a tool that is run periodically (for example in a cron), but mostly for troubleshooting. Users should rather should define proper timeout for given LDAP object, to balance amount of LDAP traffic and expected freshness of the information (like ldap_sudo_smart_refresh_interval which is set to 15 minutes by default).

The intent for this tool and limitations should be spelled out in man pages (or documentation), so that users are not using it unknowingly in improper way.

Version-Release number of selected component (if applicable):
sssd-2.2.0-19.el8_1.1
Comment 6 Sumit Bose 2021-07-01 19:37:53 UTC 
Upstream ticket:
https://github.com/SSSD/sssd/issues/5697
Comment 7 Alexey Tikhonov 2021-07-02 08:27:13 UTC 
Upstream PR: https://github.com/SSSD/sssd/pull/5698
Comment 8 Alexey Tikhonov 2021-07-08 09:39:14 UTC 
Pushed PR: https://github.com/SSSD/sssd/pull/5703

* `master`
    * b9e60ae067696782e3a52f58172f13077b5ea0f2 - man: clarify effects of sss_cache on the memory cache
Comment 9 Alexey Tikhonov 2021-07-12 21:50:50 UTC 
Fixed via rebase (bz 1947671)
Comment 16 errata-xmlrpc 2021-11-09 19:46:33 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (sssd bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:4435