On (28/11/16 22:02), Jakub Hrozek wrote:
On Mon, Nov 28, 2016 at 07:32:20PM -0000, docbook.xml(a)gmail.com wrote:
> Lukas,
>
> We are using the Netgroups in the Sudoer Rules Host. When a host is added to the
> correct netgroup, the admin should be able to execute the appropriate sudoers commands
> immediately or in a small time frame. Right now sss_cache -E needs to be executed to get the
> new netgroups down to the host. Which is cumbersome.
>
"sss_cache -N" should be enough.
> Thanks,
> Saqib
You can also decrease the general cache validity timeout of netgroups:
entry_cache_netgroup_timeout
but of course that would cause /all/ netgroup requests to hit the server
more often.
As I wrote in that might help if 1.5 hours is not enough for your
use-case.
I do not know how often you change netgroups in LDAP, how many
netgroups you have in LDAP and how many clients you have connected
to the directory server. Because too small a value (5 minutes) could create
high load on the LDAP server if you have many clients.
LS