On (11/02/14 23:16), Jakub Hrozek wrote:
Hi,
I was debugging one case with a downstream customer which turned out to be a
sss_cache bug. For user entries, we only re-set the dataExpireTimestamp,
not the initgrExpireTimestamp. This resulted in id not reporting
accurate initgroups information even after sss_cache was run.
The attached patch also resets initgrExpireTimestamp.
From bdb53e9b6cc10579ae9731b7e78f250da7ca599a Mon Sep 17 00:00:00
2001
From: Jakub Hrozek <jhrozek(a)redhat.com>
Date: Tue, 11 Feb 2014 22:51:48 +0100
Subject: [PATCH] SSS_CACHE: Reset the initgroups attribute when resetting
users
---
src/tools/sss_cache.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/tools/sss_cache.c b/src/tools/sss_cache.c
index 9f22862e91133fdfc304616eac2ab72e5d9725e4..ed02b7b60eab9f31e4376184903407c03875acc0
100644
--- a/src/tools/sss_cache.c
+++ b/src/tools/sss_cache.c
@@ -421,6 +421,12 @@ static errno_t invalidate_entry(TALLOC_CTX *ctx,
if (ret == EOK) {
switch (entry_type) {
case TYPE_USER:
+ /* For users, we also need to reset the initgroups
+ * cache expiry */
+ ret = sysdb_attrs_add_time_t(sys_attrs,
+ SYSDB_INITGR_EXPIRE, 1);
+ if (ret != EOK) return ret;
+
ret = sysdb_set_user_attr(domain, name, sys_attrs,
SYSDB_MOD_REP);
break;
--
1.8.5.3
ACK
LS