On Sun, Mar 9, 2025 at 8:32 PM Lawrence Kearney hangarbait@gmail.com wrote:
Alexey, Good evening. I have finally made the time to circle back to this and do some testing.
I found this, which was interesting (I think you were assisting) https://blog.rook.io/prototyping-an-nfs-connection-to-ldap-using-sssd-7c27f6...
It seemed to share some parallels so I decided to test swapping the order of lookup in the nsswitch.conf for a test stateless instance.
passwd: sss files
group: sss files
After 15 minutes (exactly) a poll of the mounted NFS file systems reflected resolved users and groups as normal, without requiring a lookup operation (for any valid user) as before.
I'm having trouble tracking this to the likely sssd timer that may help explain more.
Maybe ldap_connection_expire_timeout/ldap_connection_idle_timeout.