[CentOS] sssd - ldap uid/gid does not match with uid/gids in the openLDAP DS

Arun Khan knura9 at gmail.com
Thu Oct 10 18:56:58 UTC 2013


On Wed, Oct 9, 2013 at 11:13 AM, Arun Khan <knura9 at gmail.com> wrote:
> On Wed, Oct 9, 2013 at 2:29 AM, Paul Heinlein <heinlein at madboa.com> wrote:
>> On Wed, 9 Oct 2013, Arun Khan wrote:
>>
>>> In order for jdoe to show up as member of 'project1' group, I have to
>>> restart sssd.
>>>
>>> In sssd.conf, in the domain section enumerate=FALSE.
>>>
>>> I would appreciate any pointers to shorten the client side updates
>>> regarding uid+gid association.
>>
>>
>> The default entry_cache_timeout is 5400 seconds, an hour and a half, probably
>> well beyond the "> 5 mins" you waited.
>>
>> I set "entry_cache_timeout = 600" in the domain section of the
>> standard sssd.conf for CentOS machines. You can set
>> entry_cache_group_timeout specifically if you need more frequent checks for
>> group entries.
>>
>
> Thanks very much for the pointer.  I will try it out.

SOLVED.  I set the timeouts to low values (10s), tested and the
settings work like a champ!

Thanks again for the pointer.

-- Arun Khan
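
The following is an added example, not part of the original thread: a small audit script that reads an sssd.conf and reports, per domain, how long a cached group entry can live before sssd re-checks LDAP. The sample configuration and its domain names are constructed, and the script assumes only the two options named in the thread, with entry_cache_group_timeout falling back to entry_cache_timeout and then to the 5400-second default.

```python
import configparser

SSSD_DEFAULT_ENTRY_CACHE_TIMEOUT = 5400  # seconds, the default cited in the thread

# Constructed sample sssd.conf; the domain names are placeholders.
SAMPLE_CONF = """
[sssd]
domains = default_cache, tuned

[domain/default_cache]
id_provider = ldap
enumerate = FALSE

[domain/tuned]
id_provider = ldap
enumerate = FALSE
entry_cache_timeout = 600
entry_cache_group_timeout = 10
"""


def group_cache_timeouts(conf_text):
    """Return {domain: effective group-entry cache lifetime in seconds}."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)
    result = {}
    for section in parser.sections():
        if not section.startswith("domain/"):
            continue  # [sssd], [nss], [pam] etc. carry no per-domain entry cache
        dom = parser[section]
        # Assumed fallback order: group-specific value, then the domain-wide
        # entry_cache_timeout, then the built-in default.
        base = dom.getint("entry_cache_timeout",
                          fallback=SSSD_DEFAULT_ENTRY_CACHE_TIMEOUT)
        name = section[len("domain/"):]
        result[name] = dom.getint("entry_cache_group_timeout", fallback=base)
    return result


def stale_domains(conf_text, max_seconds):
    """Domains whose cached group data may outlive max_seconds."""
    timeouts = group_cache_timeouts(conf_text)
    return sorted(d for d, t in timeouts.items() if t > max_seconds)


if __name__ == "__main__":
    for domain, secs in group_cache_timeouts(SAMPLE_CONF).items():
        print(f"{domain}: group entries cached up to {secs}s")
    print("over 300s:", stale_domains(SAMPLE_CONF, 300))
```

The value reported for each domain is the upper bound on how long a client can keep serving an old group membership, which is the delay to weigh when memberships are added or revoked on the directory side.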


