Hide Forgot
Description of problem: Changes to the LDAP server Group database will not propagate to some sssd clients using that LDAP server. Even running sss_cache -E will not fix it. Only shutting down sssd, removing the cache_default.ldb and timestamps_default.ldb files from /var/lib/sss/db works, and restarting sssd works. Version-Release number of selected component (if applicable): sssd-1.16.2-13.el7_6.8.x86_64 How reproducible: Very random Steps to Reproduce: 1. Make a change to group entry in LDAP 2. Run 'ssh_cache -E' on clients 3. Check with 'getent group' on clients to see if correct Actual results: Group entry did not change to match LDAP server Expected results: Group entry should change to match LDAP server Additional info: Upstream issue at https://pagure.io/SSSD/sssd/issue/3886 This is a screen capture showing the issue: [root@hound db]# getent group stroke stroke:*:1021:judith [root@hound db]# grep ldap4 /etc/sssd/sssd.conf ldap_uri = ldap://ldap4.mydomain.org, ldap://ldap5.mydomain.org [root@hound db]# ldapsearch -h ldap4 -x -b 'ou=Group,dc=mydomain,dc=org' "(cn=st roke)" | grep memberUid memberUid: judith memberUid: marco memberUid: bgh12 [root@hound db]# sss_cache -G [root@hound db]# sss_cache -E [root@hound db]# getent group stroke stroke:*:1021:judith [root@hound db]# systemctl stop sssd [root@hound db]# \rm cache_default.ldb timestamps_default.ldb [root@hound db]# systemctl start sssd [root@hound db]# getent group stroke stroke:*:1021:judith,marco,bgh12