On Sep 23, 2011, at 5:55 PM, Francisco Javier Marín Murillo
<chisco.13(a)hotmail.com> wrote:
Thank you Stephen. But I set entry_cache_timeout to 90 seconds.
The issue is that even setting it to 90 seconds or 5 seconds it never times out(even after
90 seconds or 5 seconds is expired). It never ever expires. I have checked the client
the next day and the entry is still in the database That is the issue. What can be
causing this ? is it something wrong with the sssd service that does not read correctly
the sssd.conf configurations ?
We never remove the entry from the cache. We will update it the next time it is
requested after the expiration is reached. We do this so that offline operation can
continue.
Offline operation is defined as any time that the LDAP server cannot be reached.
> Subject: Re: [SSSD] SSSD netgroup issue
> From: sgallagh(a)redhat.com
> To: sssd-devel(a)lists.fedorahosted.org
> CC: chisco.13(a)hotmail.com
> Date: Fri, 23 Sep 2011 15:09:40 -0400
>
> On Fri, 2011-09-23 at 13:00 -0600, Francisco Javier Marín Murillo wrote:
> > Just to let you know the only way how I have been able to expire
> > netgroup cache is when I delete db cache and restart sssd. But that
> > does not work for us because we want sssd to expire cache
> > automatically with no manual intervention.
> >
>
> As I wrote in my other email, there will always be a lag, based on the
> entry_cache_timeout value. This is to reduce the load on your LDAP
> server, under the reasonable expectation that entries in LDAP are
> "write-rarely, read often". In the majority of cases, you don't want
to
> waste time and CPU on constantly going out the LDAP server.
>
> For the reverse, there's no way for the LDAP server to "push" updates
to
> the clients. LDAP doesn't work that way. All data requests have to
> originate with the clients. So there's no way to achieve an
> instantaneous update when something changes.
>