On Fri, Aug 02, 2013 at 06:44:51PM +0200, Lukas Slebodnik wrote:
On (31/07/13 12:59), Pavel Březina wrote:
On 07/30/2013 08:19 AM, Lukas Slebodnik wrote:
ehlo,
Attached patches fix ticket #1759 sss_cache -N/-n should invalidate the hash table in sssd_nss
LS
Nack.
The hash table is cleared successfully, however the netgroup is not removed from the sysdb when it is not found in ldap. Therefore the following set of commands still returns the netgroup, although it should not:
$ getent netgroup ng-1 ng-1 ( ,,bobby,example.com) ( ,,johny.example.com) ...delete ng-1 from ldap $ sudo sss_cache -N $ getent netgroup ng-1 ng-1 ( ,,bobby,example.com) ( ,,johny.example.com)
It works with IPA, but I spent a lot of time with debugging this problem and it is unrelated to my patches. Change(bug?) was introduced in commit ca344fde. First patch should fix this
Wow, nice catch. But I would expect a compiler warning or Coverity report here..this is a clear refactoring bug..
Ack to the new patch. This needs to be pushed to Fedora right now.