I have an administration node running LDAP and a login node which uses LDAP on the other node to authorize users. Users are able to log into the login node successfully.

When I run getent passwd on the admin node I get all the users, both those from /etc/passwd and LDAP. However, on the login node the LDAP users are missing. Both machines are running CentOS 7.9.2009 and both have an identical /etc/nsswitch.conf. The only non-trivial difference between the two versions of /etc/sssd/sssd.conf is that on the admin node

ldap_access_order = filter,expire

is set, whereas on the login node the setting is

ldap_access_order = expire

but that seems to me irrelevant (the filter just contains a single non-root functional user which was only used when the system was set up).

Where else should I be looking to work out what the difference is between the two systems?

  • Try to clear the sssd cache and run the test again. Commented Aug 2, 2022 at 13:31
  • Clearing the cache has no effect on the problem. Commented Aug 2, 2022 at 13:55
  • @RomeoNinov: You were right. See accepted answer. Commented Aug 12, 2022 at 11:13
  • I just had this after creating a new user in LDAP and it took several minutes (>5) for getent passwd to show the newly added user. I did try both solutions and neither solved the problem for me. With that said, I am switching to AD soon so the setup will change. Commented Apr 30, 2024 at 15:00

1 Answer

The suggestion to delete the sssd cache was indeed correct. However, running

sss_cache -E

did not help. I had to actually delete the relevant files with

rm -rf /var/lib/sss/db/*
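As an added example (not part of the original answer), the same reset done a little more defensively: sssd is stopped first so it is not writing to the ldb files while they are removed, the old cache is moved aside instead of deleted so it can still be inspected or restored, and a small helper compares the user lists from the two nodes. One check worth making before blaming the cache: getent passwd with no key only enumerates LDAP users when the sssd domain has enumerate = true; a per-user lookup (getent passwd alice) works regardless, so a node can be fine for logins while listing nothing. Assumed here: CentOS 7 paths (/var/lib/sss/db, systemctl), running as root, and the backup directory name.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: a safer variant of
# "stop sssd, remove /var/lib/sss/db/*, start sssd", plus helpers to
# see which users one node returns and the other does not.
set -eu

# Cache location on CentOS 7 (assumption; override via the environment).
SSS_DB_DIR="${SSS_DB_DIR:-/var/lib/sss/db}"

# Usernames NSS returns from the sss source only (no /etc/passwd noise).
# Note: without 'enumerate = true' in the sssd domain this list is empty
# even when per-user lookups such as 'getent passwd alice' succeed.
sss_enumerated_users() {
    getent -s sss passwd 2>/dev/null | cut -d: -f1 | sort -u
}

# Given two files with one username per line (e.g. the output of
# sss_enumerated_users saved on each node), print the users present in the
# first file but absent from the second. An empty second file means "all".
users_missing_on_second() {
    local first="$1" second="$2"
    sort -u "$first" | grep -vxF -f "$second" || true
}

# Move every regular file in the cache directory into a backup directory
# instead of 'rm -rf', so the old cache can be examined with ldbsearch or put
# back if the reset changes nothing. Prints the number of files moved.
# sssd must be stopped before calling this, or it keeps writing to the files.
sss_cache_move_aside() {
    local dir="$1" backup="$2" n=0 f
    mkdir -p "$backup"
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        mv "$f" "$backup"/
        n=$((n + 1))
    done
    echo "$n"
}

# The full procedure as it would be run on the login node. Only executed
# when the script is invoked as:  ./sss_reset.sh reset
sss_cache_reset() {
    local backup
    backup="${SSS_DB_DIR}.bak.$(date +%Y%m%d%H%M%S)"   # assumed naming
    systemctl stop sssd
    echo "moved $(sss_cache_move_aside "$SSS_DB_DIR" "$backup") file(s) to $backup"
    systemctl start sssd
    sleep 2   # let sssd come online before the first lookup
    sss_enumerated_users
}

case "${1:-}" in
    reset) sss_cache_reset ;;
esac
```

Typical use: run sss_enumerated_users > /tmp/users on both nodes, copy the login node's file over, and run users_missing_on_second /tmp/users.admin /tmp/users.login. If the missing users show up only after the hard reset, the stale cache was the problem; if sss_cache -E already fixes it, the ldb files never needed to be touched.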
