#2912 refresh_expired_interval stops sss_cache from working
Closed: Fixed None Opened 3 years ago by pbrezina.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 6): Bug 1295883

Description of problem:
Enabling 'refresh_expired_interval' in the domain/LDAP section stops calls to
sss_cache from expiring data.

Version-Release number of selected component (if applicable):
sssd-1.12.4-47.el6_7.4.x86_64

How reproducible:
Every time

Steps to Reproduce:
1. Set up sssd.conf against an LDAP server.
2. Add 'refresh_expired_interval = 1234' to the [domain/LDAP] section
3. Query a netgroup
# getent netgroup testgroup
testgroup ( ,user1,) ( ,user2,) ( ,user3,)
4. Modify the group externally to remove user3
5. Call sss_cache to expire the group
# sss_cache -n testgroup
6. Verify netgroup
# getent netgroup testgroup
testgroup ( ,user1,) ( ,user2,) ( ,user3,)

For this step I'm also watching the sssd_LDAP.log with debug=9. Following is
the output during steps 4/5

(Tue Jan  5 16:59:38 2016) [sssd[be[LDAP]]] [sbus_dispatch] (0x4000): dbus conn: 0x1477920
(Tue Jan  5 16:59:38 2016) [sssd[be[LDAP]]] [sbus_dispatch] (0x4000): Dispatching.
(Tue Jan  5 16:59:38 2016) [sssd[be[LDAP]]] [sbus_message_handler] (0x4000): Received SBUS method [rotateLogs]
(Tue Jan  5 16:59:38 2016) [sssd[be[LDAP]]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Tue Jan  5 16:59:38 2016) [sssd[be[LDAP]]] [sbus_handler_got_caller_id] (0x4000): Received SBUS method [rotateLogs]
(Tue Jan  5 16:59:39 2016) [sssd[be[LDAP]]] [sbus_dispatch] (0x4000): dbus conn: 0x1477920
(Tue Jan  5 16:59:39 2016) [sssd[be[LDAP]]] [sbus_dispatch] (0x4000): Dispatching.
(Tue Jan  5 16:59:39 2016) [sssd[be[LDAP]]] [sbus_message_handler] (0x4000): Received SBUS method [ping]
(Tue Jan  5 16:59:39 2016) [sssd[be[LDAP]]] [sbus_get_sender_id_send] (0x2000): Not a sysbus message, quit
(Tue Jan  5 16:59:39 2016) [sssd[be[LDAP]]] [sbus_handler_got_caller_id] (0x4000): Received SBUS method [ping]

Without 'refresh_expired_interval' set you can see it going off to the LDAP
server and re-caching results on the getent query and it returns the results
correctly.

The changelog for 1.12.5 does list some enhancements for
'refresh_expired_interval' so perhaps it is fixed there, but I don't have a
Fedora system to test on.
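
Added example, not part of the original report or of SSSD: a small Python check for the symptom described above, where the backend log shows only housekeeping SBUS calls after sss_cache and getent. It assumes a real refresh would appear as some other "Received SBUS method [...]" record; the method name "exampleLookup" and the sample strings are constructed for illustration.

```python
import re

# Constructed sample in the ticket's log format, hard-wrapped the same way.
SAMPLE = """\
(Tue Jan  5 16:59:38 2016) [sssd[be[LDAP]]] [sbus_message_handler] (0x4000):
Received SBUS method [rotateLogs]
(Tue Jan  5 16:59:38 2016) [sssd[be[LDAP]]] [sbus_handler_got_caller_id]
(0x4000): Received SBUS method [rotateLogs]
(Tue Jan  5 16:59:39 2016) [sssd[be[LDAP]]] [sbus_dispatch] (0x4000): dbus
conn: 0x1477920
(Tue Jan  5 16:59:39 2016) [sssd[be[LDAP]]] [sbus_message_handler] (0x4000):
Received SBUS method [ping]
"""
# Hypothetical record: "exampleLookup" is a made-up method name standing in
# for whatever request a real cache refresh would send to the backend.
SAMPLE_WITH_REQUEST = SAMPLE + (
    "(Tue Jan  5 16:59:40 2016) [sssd[be[LDAP]]] [sbus_message_handler] "
    "(0x4000):\nReceived SBUS method [exampleLookup]\n")

START = re.compile(r"^\(\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}\) \[sssd")
RECORD = re.compile(r"^\((?P<ts>[^)]+)\) \[(?P<comp>sssd\[be\[[^\]]+\]\])\] "
                    r"\[(?P<func>\w+)\] \((?P<level>0x[0-9a-fA-F]+)\): (?P<msg>.*)$")
METHOD = re.compile(r"Received SBUS method \[(\w+)\]")
HOUSEKEEPING = {"rotateLogs", "ping"}  # the only methods in the ticket's log


def parse_records(text):
    """Rejoin hard-wrapped lines, then split each record into fields."""
    joined = []
    for line in text.splitlines():
        if START.match(line) or not joined:
            joined.append(line.strip())
        elif line.strip():
            joined[-1] += " " + line.strip()
    return [m.groupdict() for m in map(RECORD.match, joined) if m]


def backend_requests(text, handler="sbus_message_handler"):
    """SBUS methods logged by `handler`, with housekeeping calls removed."""
    found = []
    for rec in parse_records(text):
        m = METHOD.search(rec["msg"])
        if rec["func"] == handler and m and m.group(1) not in HOUSEKEEPING:
            found.append(m.group(1))
    return found


def refresh_reached_backend(text):
    """False reproduces the symptom: only housekeeping traffic was logged."""
    return bool(backend_requests(text))
```

Feed it the slice of sssd_LDAP.log written between the sss_cache call and the following getent; a False result means the backend was never asked to re-fetch the entry.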

Fields changed

design_review: => 0
mark: no => 0
milestone: NEEDS_TRIAGE => SSSD 1.13.4
owner: somebody => mzidek
review: True => 0
testsupdated: => 0

Bumping priority, this is an important ticket for our downstream.

priority: major => critical

Fields changed

patch: 0 => 1

Fields changed

resolution: => fixed
status: new => closed

Metadata Update from @pbrezina:
- Issue assigned to mzidek
- Issue set to the milestone: SSSD 1.13.4

2 years ago
