Hello all!
Due to how our organization is moving, we'll be forced to upgrade our current IPA installation. In a nutshell, this involves using a one-way AD trust.
So, with the latest versions of RHEL and IPA offered on our Satellite server, I was able to get an installation up and running and AD trust established; because of the work of all of the IPA developers, this was quite easy - THANK YOU.
I've noticed that there seems to be a major delay in how often an external user's group membership is updated. In fact, it seems that I have to run sss_cache -u against the external user in order to verify additions/removals from the group in question.
Since I'm still in a testing phase, I am performing the queries on the only two provisioned nodes in the new realm, the IPA servers themselves. Has any other user with the same configuration run into this issue, too? If so, anything to double-check?
I'm certain that this is an sss configuration issue, but after searching through Google and this mailing list, I can't seem to find any real "solution".
Thanks, John DeSantis
Hello all,
I found the following URL, which "corrected" the problem using the workaround provided by Thorsten - although it should be fixed in our SSSD version (1.16.2.13):
https://bugzilla.redhat.com/show_bug.cgi?id=1359208
Thanks! John DeSantis
On Wed, 3 Apr 2019 at 15:57, John Desantis desantis@mail.usf.edu wrote:
Hello all!
Due to how our organization is moving, we'll be forced to upgrade our current IPA installation. In a nutshell, this involves using a one-way AD trust.
So, with the latest versions of RHEL and IPA offered on our Satellite server, I was able to get an installation up and running and AD trust established; because of the work of all of the IPA developers, this was quite easy - THANK YOU.
I've noticed that there seems to be a major delay in how often an external user's group membership is updated. In fact, it seems that I have to run sss_cache -u against the external user in order to verify additions/removals from the group in question.
Since I'm still in a testing phase, I am performing the queries on the only two provisioned nodes in the new realm, the IPA servers themselves. Has any other user with the same configuration run into this issue, too? If so, anything to double-check?
I'm certain that this is an sss configuration issue, but after searching through Google and this mailing list, I can't seem to find any real "solution".
Thanks, John DeSantis
freeipa-users@lists.fedorahosted.org