On Wed, Jan 10, 2018 at 09:22:05AM +0000, Marin BERNARD wrote: > > > Hi, > > > > > > > > > > > > The client systems are the FreeIPA servers! Both are running on up-to- > > date CentOS 7.4 with sssd 1.15.2. > > > > There is https://pagure.io/SSSD/sssd/issue/3431 which is fixed upstream in > > 1.15.3 which might prevent the automatic enabling of enterprise principals > > on the clients if the domain objects are already stored in the cache of > > SSSD. > > > > bye, > > Sumit > > Yes, but I tried to flush the sssd cache several times before writing to the > list. > I used sssd_cache -E though ; I did not try to remove the whole /var/db/sssd > directory.
Unfortunately you have to remove the cache with rm in this case, sss_cache -E just invalidates the entries by resetting a timestamp. > As far as I understand it, automatic enabling of enterprise principal is > handled by sssd providers like AD or IPA providers. Does the FreeIPA provider > shipped with sssd 1.15 implement this feature? Yes, but with the isssue mentioned above. HTH bye, Sumit _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
