Linux – Does Linux keep a cache of group members if on LDAP? (Difference between groups vs getent group)

Tags: groups, ldap, linux, openldap, pam-ldap

Our users and groups LDAP configuration is working.

Our server is using LDAP to store users and groups.

# /etc/nsswitch.conf :
passwd:         compat ldap
group:          compat ldap
shadow:         compat ldap

But today we added a new group in LDAP with 3 users, and then added other users. The 3 users are in the group, but the others are not.

We can see this by using "groups ": more precisely, "getent group GROUPNAME" shows the user in the group, while "groups " does not show the group for that user… ?!

Therefore I am trying to understand:

  • Is there some kind of cache for the groups – LDAP list?
  • Or is it possible for the synchronization to fail, and if yes, how do I manually re-launch it?

Sorry not to be more precise in my question, but I really don't see where to start…

P. S. Config files

# /etc/ldap/ldap.conf
URI     ldap://172.16.1.232
TLS_CACERT      /etc/ssl/certs/ca-certificates.crt


# /etc/pam_ldap.conf
base dc=ourdomain,dc=ch
uri ldap://172.16.1.232/
ldap_version 3
rootbinddn cn=admin,dc=ourdomain,dc=ch
pam_password crypt

Best Answer

pam_ldap and nsswitch have no caching mechanisms, but nscd or sssd may be present on your system and implement a cache.

To invalidate / flush nscd groups cache use:

sudo nscd --invalidate=group

To invalidate / flush sssd groups cache use:

sudo sss_cache -G
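An added example (not code from the question or the answer) that compares the two views the question contrasts, "getent group GROUP" against "id -Gn USER" (which answers the same question as "groups USER"), and flushes whichever local cache daemon is running when they disagree. It assumes pgrep, nscd and sss_cache are in PATH where those daemons exist.

```shell
#!/bin/sh
# Added example: detect a stale local group cache by comparing the NSS group
# entry (getent) with the user's resolved group list (id -Gn), then invalidate
# the nscd or sssd group cache as the answer above describes.

# Report whether USER appears in the member field of a "getent group" line
# (name:x:gid:member1,member2,...). $1 = line, $2 = user.
user_in_getent_line() {
    [ -n "$2" ] || return 1
    printf '%s\n' "$1" | cut -d: -f4 | tr ',' '\n' | grep -qxF -- "$2"
}

# Report whether GROUP appears in "id -Gn USER" output. $1 = output, $2 = group.
group_in_id_output() {
    [ -n "$2" ] || return 1
    printf '%s\n' "$1" | tr ' ' '\n' | grep -qxF -- "$2"
}

# Detect which caching daemon is running: prints nscd, sssd or none.
cache_daemon() {
    if pgrep -x nscd >/dev/null 2>&1 && command -v nscd >/dev/null 2>&1; then
        echo nscd
    elif pgrep -x sssd >/dev/null 2>&1 && command -v sss_cache >/dev/null 2>&1; then
        echo sssd
    else
        echo none
    fi
}

# Invalidate the group cache of whichever daemon was detected.
flush_group_cache() {
    case "$(cache_daemon)" in
        nscd) sudo nscd --invalidate=group ;;
        sssd) sudo sss_cache -G ;;
        none) echo "no nscd or sssd running: group lookups are not cached locally" ;;
    esac
}

# Compare both views for one group ($1) and user ($2); returns 1 if they disagree.
compare_views() {
    line=$(getent group "$1") || { echo "group $1 not found via NSS"; return 2; }
    if user_in_getent_line "$line" "$2" && ! group_in_id_output "$(id -Gn "$2")" "$1"; then
        echo "stale: getent lists $2 in $1 but id -Gn does not; flushing group cache"
        flush_group_cache
        return 1
    fi
    echo "consistent: getent and id -Gn agree about $2 in $1"
}

if [ $# -eq 2 ]; then compare_views "$1" "$2"; fi
```

Run it as `./check_group_cache.sh GROUPNAME USERNAME` on the affected server; a "stale" result means the cache, not LDAP, is what "groups" is reporting from.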