From: Ashish Yadav <gwalashish(a)gmail.com>
To: End-user discussions about the System Security Services Daemon
<sssd-users(a)lists.fedorahosted.org>
Date: 03/08/2015 09:23 AM
Subject: Re: [SSSD-users] How to purge sssd cache
Sent by: sssd-users-bounces(a)lists.fedorahosted.org
Hi,
On 7 Mar 2015 18:56, "Varun Mittal3" <varun.mittal(a)in.ibm.com> wrote:
>
> Hi
>
> We are using sssd available on RHEL 7 and have a query on purging
> sssd cache in case domain goes offline.
> We are using just the UID/GID and group membership for users. And
> netgroups (both LDAP and NIS proxy) in some cases
>
> As I understand, sss_cache utility only invalidates the records,
> which marks them expired. Whenever the domain is online, these will
> be refreshed. But if the domain is offline, those expired records
> will still be returned as valid.
>
> - Please reconfirm if this understanding is correct
> - And if this is correct, then is there a way to purge the records
>   to return users/group queries invalid if domain is offline
>
I haven't tried on CentOS 7 but it should be done by doing the steps
given below as far as sssd is concerned. This is a manual procedure;
if you want an automatic procedure then look into the cache_timeout
option in sssd.
Reading about cache_timeout from man page, that also looks like it
will only mark the records invalid not purge them
1. service sssd stop
2. cd /var/lib/sss/db
3. rm -rf *
4. service sssd start
Yeah, I tested this on RHEL. This seems to work but then it will
purge all the records for any domain. I wouldn't be able to purge a
single record with this.