Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SSSD is not refreshing cached user data for the ipa sub-domain in a IPA/AD trust #4983

Closed
sssd-bot opened this issue May 2, 2020 · 1 comment
Closed

SSSD is not refreshing cached user data for the ipa sub-domain in a IPA/AD trust #4983

sssd-bot opened this issue May 2, 2020 · 1 comment
Assignees
@jhrozek
Labels
Bugzilla Closed: Fixed Issue was closed as fixed. RFE

Comments

@sssd-bot
Copy link

sssd-bot commented May 2, 2020

Cloned from Pagure issue: https://pagure.io/SSSD/sssd/issue/4012

Ticket was cloned from Red Hat Bugzilla: Bug 1657978

Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.

We already support refreshing users, groups and netgroups on the background periodically, but only for the joined domain and only using LDAP provider primitives. It would be helpful in busy AD-IPA trust scenarios to let the IPA servers refresh the data on the background to limit the time the clients need to wait to refresh large nested group hierarchies.

Comments

Comment from jhrozek at 2019-05-21 13:20:13

Metadata Update from @jhrozek:

Comment from jhrozek at 2019-05-21 13:21:43

PR: #812

Comment from jhrozek at 2019-05-21 13:21:47

Metadata Update from @jhrozek:

  • Issue assigned to jhrozek

Comment from jhrozek at 2019-05-21 13:22:01

Metadata Update from @jhrozek:

  • Issue tagged with: PR, RFE

Comment from jhrozek at 2019-06-13 23:08:08

Metadata Update from @jhrozek:

  • Issue set to the milestone: SSSD 2.3 (was: SSSD 2.2)

Comment from jhrozek at 2019-07-05 12:35:06

Commit cdc44a05 relates to this ticket

Comment from jhrozek at 2019-07-05 12:35:07

Commit 7a08d1de relates to this ticket

Comment from jhrozek at 2019-07-05 12:35:07

Commit 039384b8 relates to this ticket

Comment from jhrozek at 2019-07-05 12:35:07

Commit 60c876ae relates to this ticket

Comment from jhrozek at 2019-07-05 12:35:08

Commit 79223509 relates to this ticket

Comment from jhrozek at 2019-07-05 12:35:08

Commit 1d0e75e9 relates to this ticket

Comment from jhrozek at 2019-07-05 12:35:09

Commit 576f3691 relates to this ticket

Comment from jhrozek at 2019-07-05 12:35:09

Commit 0fbc317a relates to this ticket

Comment from jhrozek at 2019-07-05 12:37:53

master:
cdc44a0
7a08d1d
039384b
60c876a
7922350
1d0e75e
d76756e
b72adfc
576f369
0fbc317
7443498
2cb294e
ac72bb4
41305ef
d1eb0a7
9d49c90
bb0bd61
1a08b53
f279552
db99504

Comment from jhrozek at 2019-07-05 12:37:53

Metadata Update from @jhrozek:

  • Issue close_status updated to: Fixed
  • Issue status updated to: Closed (was: Open)

Comment from lslebodn at 2020-01-22 12:56:06

see also https://pagure.io/SSSD/sssd/issue/4142

Comment from frenaud at 2020-03-12 07:44:44

Test case provided upstream in freeipa workspace:
ipatests/test_integration/test_sssd.py::TestSSSDWithAdTrust::test_sssd_cache_refresh

master:
https://pagure.io/freeipa/c/7c059c81ce61d70ec3c855881902a8ca1f08eeed
https://pagure.io/freeipa/c/8dd663e0c2cbc6c6fec43ffcc09259f9be336429

Comment from sorlov at 2020-03-13 11:27:33

ipa-4-8:

  • 1d416a5a5ceaaf3fff9df423cea9114f1918aad2 ipatests: provide docstrings instead of imporperly placed comments
  • 40fd96f27d2512212ac99fff9ace0fef1f5a57d4 ipatests: add test for SSSD updating expired cache items

Comment from sorlov at 2020-03-13 11:29:12

ipa-4-8:
https://pagure.io/freeipa/c/1d416a5a5ceaaf3fff9df423cea9114f1918aad2
https://pagure.io/freeipa/c/40fd96f27d2512212ac99fff9ace0fef1f5a57d4
@sssd-bot sssd-bot added Bugzilla Closed: Fixed Issue was closed as fixed. RFE labels May 2, 2020
@sssd-bot sssd-bot closed this as completed May 2, 2020
@alexey-tikhonov
Copy link
Member

1-16 backport: #878

  • sssd-1-16
    • 06fed80 - IPA/AD/LDAP: Increase the initgrExpireTimestamp after finishing refresh request
    • 75b6695 - DP/SYSDB: Move the code to set initgrExpireTimestamp to a reusable function
    • 1754e3e - MAN: Amend the documentation for the background refresh
    • 8f02770 - IPA/AD/SDAP/BE: Generate refresh callbacks with a macro
    • c3956d2 - BE/IPA/AD/LDAP: Initialize the refresh callback from a list to reduce logic duplication
    • 159d1af - BE/IPA/AD/LDAP: Add inigroups refresh support
    • 468ee8b - IPA: Implement background refresh for IPA domains
    • 25b66e2 - AD: Implement background refresh for AD domains
    • e1830ba - BE: Schedule the refresh interval from the finish time of the last run
    • b7110e0 - BE: Extend be_ptask_create() with control when to schedule next run after success
    • cb11886 - BE: Send refresh requests in batches
    • 87cd4ec - BE: Pass in filter_type when creating the refresh account request
    • 0ef02c9 - BE/LDAP: Split out a helper function from sdap_refresh for later reuse
    • 8a8b234 - BE: Change be_refresh_ctx_init to return errno and set be_ctx->refresh_ctx
    • 5c60056 - BE: Pass in attribute to look up with instead of hardcoding SYSDB_NAME
    • 936b423 - BE/LDAP: Call be_refresh_ctx_init() in the provider libraries, not in back end
    • c56e165 - BE: Make be_refresh_ctx_init set up the periodical task, too
    • 6bd021d - BE: Enable refresh for multiple domains
    • 3ee57e7 - BE: search with sysdb_search_with_ts_attr
    • bca2f94 - SYSDB: Add sysdb_search_with_ts_attr

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jhrozek jhrozek

Labels
Bugzilla Closed: Fixed Issue was closed as fixed. RFE
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jhrozek @alexey-tikhonov @sssd-bot