Thank you, Stephen. But I set entry_cache_timeout to 90 seconds. The issue is that even
when setting it to 90 seconds or 5 seconds, it never times out (even after the 90 seconds
or 5 seconds have expired). It never ever expires. I checked the client the next day and
the entry is still in the database. That is the issue. What can be causing this? Is
something wrong with the sssd service, such that it does not correctly read the sssd.conf
configuration?

Subject: Re: [SSSD] SSSD netgroup issue
From: sgallagh(a)redhat.com
To: sssd-devel(a)lists.fedorahosted.org
CC: chisco.13(a)hotmail.com
Date: Fri, 23 Sep 2011 15:09:40 -0400
On Fri, 2011-09-23 at 13:00 -0600, Francisco Javier Marín Murillo wrote:
> Just to let you know the only way how I have been able to expire
> netgroup cache is when I delete db cache and restart sssd. But that
> does not work for us because we want sssd to expire cache
> automatically with no manual intervention.
>
As I wrote in my other email, there will always be a lag, based on the
entry_cache_timeout value. This is to reduce the load on your LDAP
server, under the reasonable expectation that entries in LDAP are
"write-rarely, read often". In the majority of cases, you don't want to
waste time and CPU on constantly going out to the LDAP server.

For the reverse, there's no way for the LDAP server to "push" updates to
the clients. LDAP doesn't work that way. All data requests have to
originate with the clients. So there's no way to achieve an
instantaneous update when something changes.