#3550 refresh_expired_interval does not work with netgrous in 1.15
Closed: Fixed a year ago Opened 2 years ago by lslebodn.

sssd.conf:

    [sssd]
    config_file_version = 2
    services = nss, pam
    domains = LDAP

    [nss]
    filter_groups = root
    filter_users = root
    entry_cache_nowait_percentage = 50
    memcache_timeout = 1

    [domain/LDAP]
    id_provider = ldap
    ldap_uri = ldap://$SERVER
    ldap_netgroup_search_base = ou=Netgroups,$BASE_DN
    cache_credentials = TRUE
    entry_cache_timeout = 120
    refresh_expired_interval = 25
    debug_level = 9

Initial data in LDAP:

    dn: cn=netgrp_art,ou=Netgroups,$BASE_DN
    objectClass: nisNetgroup
    objectClass: top
    cn: netgrp_art
    nisNetgroupTriple: (host1,kau10,example.com)

Steps to reproduce:

  • clean sssd cache and restart sssd rm -f /var/lib/sss/db/*; service sssd restart
  • getent netgroup netgrp_art
  • modify netgroup tripplet in LDAP
        dn: cn=netgrp_art,ou=Netgroups,$BASE_DN
        changetype: modify
        replace: nisNetgroupTriple
        nisNetgroupTriple: (host2,ami10,example.com)
  • sleep a second more that value of refresh_expired_interval
  • sleep 26
  • check that returned entry has new value getent netgroup netgrp_art | grep host2

Metadata Update from @lslebodn:
- Issue tagged with: regression

2 years ago

My experience is that entry in sssd cache was refreshed after 104 seconds but responder returned new value after 120 seconds.

Metadata Update from @jhrozek:
- Issue priority set to: blocker
- Issue set to the milestone: SSSD 1.16.1

2 years ago

This seems like old bug in 1.15 already and it is blocking 1.16.1 now.
Move to 1.16.2 so 1.16.1 can move forward?

Metadata Update from @jhrozek:
- Issue assigned to jhrozek

a year ago

I tend to agree, because what was broken was not the background refresh itself, but netgroup-only code. So if the PR won't be reviewed quite soon, I would also prefer to remove the ticket from 1.16.1 and release the tarball.

PR: https://github.com/SSSD/sssd/pull/528

Metadata Update from @jhrozek:
- Issue tagged with: PR

a year ago

Nice :) The PR seems simple enough to make it into 1.16.1

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 1.16.2 (was: SSSD 1.16.1)

a year ago

Metadata Update from @jhrozek:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

a year ago

Login to comment on this ticket.

Metadata