> From: Ashish Yadav <gwalashish@gmail.com>
> To: End-user discussions about the System Security Services Daemon
> <sssd-users@lists.fedorahosted.org>
> Date: 03/08/2015 09:23 AM
> Subject: Re: [SSSD-users] How to purge sssd cache
> Sent by: sssd-users-bounces@lists.fedorahosted.org
>
> Hi,
>
> On 7 Mar 2015 18:56, "Varun Mittal3" <varun.mittal@in.ibm.com> wrote:
> >
> > Hi
> >
> > We are using sssd available on RHEL 7 and have a query on purging
> > sssd cache in case domain goes offline.
> > We are using just the UID/GID and group membership for users. And
> > netgroups (both LDAP and NIS proxy) in some cases.
> >
> > As I understand, sss_cache utility only invalidates the records,
> > which marks them expired. Whenever the domain is online, these will
> > be refreshed. But if the domain is offline, those expired records
> > will still be returned as valid.
> >
> > - Please reconfirm if this understanding is correct
> > - And if this is correct, then is there a way to purge the records
> > to return users/group queries invalid if domain is offline
> >

> I haven't tried on CentOS 7, but it should be done by following the
> steps given below, as far as sssd is concerned. This is a manual
> procedure; if you want an automatic procedure, then look into the
> cache_timeout option in sssd.


Reading about cache_timeout from the man page, that also looks like it will
only mark the records invalid, not purge them.

> 1. service sssd stop
> 2. cd /var/lib/sss/db
> 3. rm -rf *
> 4. service sssd start


Yeah, I tested this on RHEL. This seems to work but then it will purge
all the records for any domain. I wouldn't be able to purge a single
record with this.
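
A narrower variant of the four-step procedure quoted above, as an added example that is not part of the original thread: it removes the cache of one SSSD domain instead of everything under /var/lib/sss/db. It assumes SSSD's per-domain file naming (`cache_<domain>.ldb`, plus `timestamps_<domain>.ldb` on newer releases); the `SSSD_DB_DIR` and `SSSD_SVC` overrides are hypothetical names introduced here so the function can be rehearsed against a scratch directory.

```shell
#!/bin/sh
# Added example: purge the on-disk SSSD cache of ONE domain only.
# Assumptions (not from the thread): the cache_<domain>.ldb file naming,
# and the hypothetical SSSD_DB_DIR / SSSD_SVC overrides used for rehearsal.

purge_sssd_domain_cache() {
    domain=$1
    db_dir=${SSSD_DB_DIR:-/var/lib/sss/db}
    svc=${SSSD_SVC:-service}

    # Refuse empty names and anything that could escape db_dir or act as
    # a glob; this runs as root, so the argument must not reach rm unchecked.
    case $domain in
        ''|*/*|*..*|*[!A-Za-z0-9._-]*)
            echo "invalid domain name: '$domain'" >&2
            return 2 ;;
    esac

    cache="$db_dir/cache_$domain.ldb"
    if [ ! -f "$cache" ]; then
        echo "no cache file for domain '$domain' in $db_dir" >&2
        return 1
    fi

    # Same order as the manual steps: stop sssd, delete, start sssd.
    "$svc" sssd stop || return 3
    # Other domains' caches and config.ldb are left untouched.
    rm -f -- "$cache" "$db_dir/timestamps_$domain.ldb"
    "$svc" sssd start || return 3
}

# Typical call, as root:  purge_sssd_domain_cache example.com
```

This still discards every record of the chosen domain, not a single user or group, and while that domain is offline its lookups will fail until SSSD can repopulate the cache.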