
Re: Cached user info?



On Monday, 7 May 2012 08:04:34 Braden McDaniel wrote:
> On Sun, 2012-05-06 at 22:21 -0700, Chris Jacobs wrote:
> > Or restarted sssd?
> 
> I've restarted both the client machine and the server; so, yes.
> 
> > What is your OS?
> 
> Fedora 17 prerelease.
> 
> > Have you googled for ldap cache and your os?
> 
> I have.  I haven't come up with much, so far.
> 
> Might pam be caching any of this stuff?
> 
> > What else have you tried?
> 
> If I remove the user from the group in LDAP, that is reflected in the
> output of "groups".  But, when I add it back, "groups" shows the (local)
> group associated with the old GID, not the new one.
> 
> So it's as if something on the client side has gotten the group *name*
> from LDAP and has locally cached an association with the old GID.

You have a local group and an LDAP group, with the same name, and different 
GIDs? Depending on your nss configuration (in /etc/nsswitch.conf), you will 
either get the local group, or the LDAP group definition.

> The
> old GID is getting passed along and is associated with the group that it
> maps to locally by a tool like "groups".

If I understand your setup, this is the correct behaviour.

Provide the output of 'id username'. If none of your groups have spaces in the 
name, the following might also be useful:

$ for i in `groups username|awk -F: '{print $2}'`;do getent group|grep "^$i:";done

Regards,
Buchan
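
Added example, not part of the original message: a check for the situation discussed above, where one group name maps to different GIDs (or one GID to different names) across NSS sources. The function names and the sample group entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Input is group(5) format:
#   name:passwd:gid:members
# On a live system, feed it `getent group`; sources that do not allow
# enumeration will be missing from that listing.

# Report names with more than one GID and GIDs with more than one name.
find_group_conflicts() {
    awk -F: '
        NF >= 3 && $1 !~ /^#/ {
            if (!(($1, $3) in seen)) {
                seen[$1, $3] = 1
                gids[$1] = (gids[$1] == "" ? $3 : gids[$1] "," $3)
                ngid[$1]++
                names[$3] = (names[$3] == "" ? $1 : names[$3] "," $1)
                nname[$3]++
            }
        }
        END {
            for (n in ngid) if (ngid[n] > 1) print "name " n " has gids " gids[n]
            for (g in nname) if (nname[g] > 1) print "gid " g " has names " names[g]
        }' | sort
}

# Print the lookup order for groups from an nsswitch.conf-format file.
# The first source listed that knows the name supplies the definition.
group_sources() {
    awk '$1 == "group:" { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# Constructed sample: "devel" exists locally (GID 1001) and in a second
# source (GID 5001); GID 1001 is also used by the local group "staff".
SAMPLE='wheel:x:10:root
devel:x:1001:alice
devel:*:5001:alice,bob
staff:x:1001:'

printf '%s\n' "$SAMPLE" | find_group_conflicts
```
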