Deleted Group in FreeIPA Still Comes Up

freeipa

I'm having an issue deleting a group in FreeIPA. A group was previously created called "developer" for which I want to delete.

I go into "User Groups" in FreeIPA GUI and delete the offending group name. All sounds good, but then if I go to my clients and do

getent group developer

I get

developer:*:[gid]:(members list)

In other words, the still comes up. I go into the individual group members and the group does not show in their account.

How do I permanently delete this key?

I'm running FreeIPA version 4.5.4 on CentOS 7

Thanks!


Solution 1:

Most likely the member server has cached the group. The caching is done by sssd, which also handles many other services related to the domain.

You can use the sss_cache tool to manage the cache. For example, to clear all group entries from the cache:

sss_cache -G

Related

How accurately are aws clocks synchronized between different aws regions?
named/bind is refusing to serve some domains after resolving them itself
Resizing Virtual Ubuntu Server
Is BootP still used?
Nginx - Change root directory based on server_name?
Can't ping internal network namespace
LDAPs Simple Authentication on Tomcat 9
How to enable DNS over TCP for resolving names on linux
How to setup ssh public key for another machine without access?
Why my nginx conf file redirects subdomains to main domain?
An elementary version of Laplace's Method of Succession
$f,g$ such that $\int fg = \int f \int g$