Learn more about these different git repos.
Other Git URLs
Currently there is no convenient way to delete the cached GPO rules so admins have to remove it manually by deleting the whole cache with rm.
This is even more problematic if someone deletes only the downloaded ini files and leaves the sysdb cache intact, because this will result in GPOs being unused until there is server side change (update) of the GPO version.
We may consider adding a readme file to the cache directory that will discourage people to manually delete any entries there and use the sss tools for that.
Pasting one email (with authors permission) because I think it contains valuable input:
`` Cool. Thanks for taking my input. If I might add one more suggestion. A bit part of my issue with this whole thing was the lack of detail in the sssd logs, even on debug_level = 10. The error message simply stated "No such file or directory", there was no indication of what file it was looking for or how to remedy the situation. In this case the error indicated that the GPO file was missing. This being the case, if you implement a fix via sss_cache (or some other tool) maybe the error message could be updated to suggest running the tool to clean up the GPO cache.
Thanks again,
-Lesley Kimmel, RHCE ``
Metadata Update from @jhrozek: - Issue set to the milestone: SSSD Future releases (no date set yet)
I would be surprised if someone did not already think about this, but shouldn't sssd itself detect this condition (ini files gone but still in sysdb cache) and automatically recover (for example by discarding the invalid sysdb cache entries)?
I did encounter this issue while troubleshooting the multiple issues with SSSD GPO support, and as an end-user it was not easy to understand: the error that does not list any filename is confusing and insufficient. I would know how to trace the syscalls but should users of supposedly mature feature (yes, I have seen nowhere warnings about the GPO supports' numerous and severe problems) be expected to take the time to do it?
The correct way would be to delete all /var/lib/sss/{db,gpo_cache,mc} while SSSD stopped?
Metadata Update from @thalman: - Issue tagged with: Future milestone
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/4523
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @pbrezina: - Issue close_status updated to: cloned-to-github - Issue status updated to: Closed (was: Open)
Log in to comment on this ticket.