Difference between revisions of "Sssd cache"

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/sssd-cache

Most commonly, this is used to clear the cache and update all records:
~]# sss_cache -E
The sss_cache command can also clear all cached entries for a particular domain:
~]# sss_cache -Ed LDAP1
If the administrator knows that a specific record (user, group, or netgroup) has been updated, then sss_cache can purge the records for that specific account and leave the rest of the cache intact:
~]# sss_cache -u jsmith

https://pagure.io/SSSD/sssd/issue/3886

sssctl debug-level 9
SSS_NSS_USE_MEMCACHE=NO

https://access.redhat.com/discussions/3352911

https://serverfault.com/questions/506507/sssd-and-ldap-authentication-cache#:~:text=You%20can't%20disable%20caching,if%20that's%20what%20you%20want.

You can't disable caching completely with sssd.

You can disable sss as an authentication provider completely and just query LDAP directly if that's what you want.

For example, in /etc/nsswitch.conf, change lines like:

passwd:     files sss
to

passwd:     files ldap

sssd(8), sssd.conf(5), sssd-ldap(5), sssd-krb5(5), sssd-simple(5), sssd-ipa(5), sssd-ad(5), sssd-sudo(5),sss_cache(8), sss_debuglevel(8), sss_groupadd(8), sss_groupdel(8), sss_groupshow(8), sss_groupmod(8), sss_useradd(8), sss_userdel(8), sss_usermod(8), sss_obfuscate(8), sss_seed(8), sssd_krb5_locator_plugin(8), sss_ssh_authorizedkeys(8), sss_ssh_knownhostsproxy(8),sssd-ifp(5),pam_sss(8). sss_rpcidmapd(5)

Pages related to sssctl
sss_cache (8) - perform cache cleanup
sss_debuglevel (8) - change debug level while SSSD is running
sss_groupadd (8) - create a new group
sss_groupdel (8) - delete a group
sss_groupmod (8) - modify a group
sss_groupshow (8) - print properties of a group
sss_obfuscate (8) - obfuscate a clear text password
sss_override (8) - create local overrides of user and group attributes