On ti, 03 heinä 2018, Michael Gusek via FreeIPA-users wrote:
Hi,
we use an Active Directory (Server 2012) and a FreeIPA 4.5.4
installation. FreeIPA runs under Centos 7, sssd version is
sssd-1.16.0-19.el7.x86_64. Between AD and FreeIPA we have set up a
one-way trust. For some AD users, we have set up a uid override under
"Default Trust View" in FreeIPA. This overwrite is regularly lost on the
FreeIPA server. If we clear the sssd cache (systemctl stop sssd; rm -rf
/var/lib/sss/{db,mc}/*; systemctl start sssd), the override takes effect
again. Here is a history for today:
2018-07-03 10:55:01
2018-07-03 11:05:01
2018-07-03 11:06:01
2018-07-03 11:10:01
2018-07-03 11:12:01
2018-07-03 11:15:01
2018-07-03 11:29:01
2018-07-03 11:31:01
2018-07-03 11:34:01
As you can see, there is no periodicality, from yesterday to today it
runs for about 11h without problems, and today since 11:34
How can fix the problem?
It is unclear from your explanation where is the override
lost. Is it
that LDAP entry for the override disappears? Or is it SSSD that is
forgetting an override?
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland