Beginner's Forum

Here to help the beginners

Tag: LDAP cache

“cannot find name for group ID 20103039” Linux login error

January 21, 2020 Sreehari CK

Here we discuss a login error seen on servers where LDAP authentication is set up through the company Active Directory server. After logging in to the server with an LDAP user ID and password, we may sometimes get an error like “cannot find name for group ID 20103039”.

This error can be easily resolved by clearing the SSSD cache on the client server.

What is SSSD Cache

SSSD caches user and credential information retrieved from remote identity providers, so that if the identity provider goes offline, the user credentials are still available and users can still log in. This helps to improve performance and facilitates scalability, since a single user can log in across many systems rather than using local accounts everywhere.

The cached results can become a problem if the stored records go stale and are no longer in sync with the identity provider. Clearing the cache files resolves such issues.

How to clear the Cache

Here we will discuss a couple of methods to clear the cache files.

1. sss_cache Tool

The cache purge utility, sss_cache, invalidates records in the SSSD cache for a user, a domain, or a group. Invalidating the current records forces the cache to retrieve the updated records from the identity provider, so changes take effect quickly.

# sss_cache -E

2. Deleting Cache Files

SSSD stores its cache files in the /var/lib/sss/db/ directory. It is also possible to clear the cache by simply deleting the corresponding cache files.

Before deleting the files, it is important to stop the sssd service.

# systemctl stop sssd

After this, remove the cache files as below:

# rm -rf /var/lib/sss/db/*

Once they are removed, bring the sssd service back online:

# systemctl restart sssd

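SSSD should now start up correctly with an empty cache. Any user login will now first go directly to LDAP for authentication and then be cached locally afterwards, so the login errors should be cleared. Because the cached credentials are deleted along with the rest of the cache, a user cannot log in offline again until they have authenticated once while the identity provider is reachable. Hope this helps. Please leave your suggestions/feedback in the comments section.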
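
Before clearing everything, it helps to confirm which GIDs actually fail to resolve and to try a group-only invalidation first. The script below is an added example, not part of the original post: it lists a user's numeric GIDs, checks each with getent, and runs sss_cache -G (invalidate all cached group records) only when a GID has no name. The script name and function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): find the GIDs behind
# "cannot find name for group ID" and refresh only SSSD group records.

# Print each GID passed as an argument that has no group name in NSS.
unresolved_gids() {
    for gid in "$@"; do
        getent group "$gid" >/dev/null 2>&1 || printf '%s\n' "$gid"
    done
}

# Check one user; invalidate cached groups only if a GID is unresolved.
# Returns 0 when every group resolves, 1 when some still do not,
# 2 when the user itself cannot be looked up.
check_user() {
    user=$1
    gids=$(id -G "$user") || return 2
    # Word splitting of the space-separated GID list is intended here.
    missing=$(unresolved_gids $gids)
    [ -z "$missing" ] && { echo "$user: all groups resolve"; return 0; }
    echo "$user: no name for GID(s): $(echo $missing)"

    sss_cache -G    # needs root; marks every cached group record expired
    missing=$(unresolved_gids $gids)
    [ -z "$missing" ] && { echo "$user: resolved after sss_cache -G"; return 0; }

    echo "$user: still unresolved: $(echo $missing)"
    echo "fall back to stopping sssd and clearing /var/lib/sss/db/"
    return 1
}

# Usage (as root): sh check_groups.sh <username>
if [ $# -gt 0 ]; then
    check_user "$1"
fi
```

If the GIDs are still unresolved afterwards, the group may be missing or unreadable on the identity provider side, in which case clearing the cache will not help either.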
