Recently we changed the IP address (and added some groups) of our LDAP server (running on SUSE Enterprise), so we should also change the LDAP authentication configuration for all the servers that we have.
Most of the servers are on CentOS. We modified the ldap_uri parameter in /etc/sssd/sssd.conf to the new server, but when we log in to the server and run:
id user
we obtain the user information for the old server and not the new one. In fact, if we change sssd.conf to use an ldap_uri that doesn't exist, we still obtain the same response from the command id user.
authldapconfig --test says that caching is disabled. We also tried rebooting the server and the clients, and nothing works. Is there some cache for the LDAP clients that has to be refreshed?
NOTE: in /etc/openldap/ldap.conf the URI is commented out.
The sssd.conf file is:
[domain/default]
ldap_id_use_start_tls = False
cache_credentials = True
ldap_search_base = dc=maxcrc,dc=com
krb5_realm = EXAMPLE.COM
krb5_server = kerberos.example.com
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
#ldap_uri = ldap://172.31.7.17/
ldap_uri = ldap://172.31.7.206/
ldap_tls_cacertdir = /etc/openldap/cacerts
ldap_tls_reqcert = never
ldap_schema = rfc2307bis
entry_cache_timeout = 600
ldap_network_timeout = 3
ldap_access_filter = (&(objectclass=shadowaccount)(objectclass=posixaccount))
Thanks for your help
Restart nscd with:
Then check the query from your OS again. You should see updated values.
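An added example, not part of the question or the answer above: a small Python review of the sssd.conf posted in the question, listing the settings that let `id user` keep answering from cache and the settings that decide whether the client can verify the server at the new address. The function name `review_domain` and the trimmed copy of the configuration are constructed for this example.

```python
import configparser

# sssd.conf from the question, reduced to the options this check reads.
SSSD_CONF = """\
[domain/default]
ldap_id_use_start_tls = False
cache_credentials = True
#ldap_uri = ldap://172.31.7.17/
ldap_uri = ldap://172.31.7.206/
ldap_tls_reqcert = never
entry_cache_timeout = 600
"""

def review_domain(conf_text, domain="default"):
    """Return (active_uris, findings) for one [domain/<name>] section."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    sec = cp["domain/" + domain]
    uris = [u.strip() for u in sec.get("ldap_uri", "").split(",") if u.strip()]
    findings = []

    # Cache layer: why `id user` can keep answering after ldap_uri changes.
    ttl = sec.getint("entry_cache_timeout", fallback=5400)  # SSSD default is 5400
    findings.append(("cache", f"identity entries are reused for {ttl}s before the "
                     "server is asked again, and indefinitely while it is unreachable"))
    if sec.getboolean("cache_credentials", fallback=False):
        findings.append(("cache", "credential hashes are stored for offline logins"))

    # Transport layer: can the client tell it reached the intended server?
    start_tls = sec.getboolean("ldap_id_use_start_tls", fallback=False)
    if any(u.lower().startswith("ldap://") for u in uris) and not start_tls:
        findings.append(("transport", "identity lookups use ldap:// without StartTLS"))
    if sec.get("ldap_tls_reqcert", "").lower() in ("never", "allow"):
        findings.append(("transport", "server certificate is not enforced, so a host "
                         "answering on the new address is trusted without verification"))
    return uris, findings

if __name__ == "__main__":
    uris, findings = review_domain(SSSD_CONF)
    print("active ldap_uri:", ", ".join(uris))
    for layer, message in findings:
        print(f"[{layer}] {message}")
```

On a client, `sss_cache -E` invalidates every entry in the SSSD cache, and `nscd -i passwd` and `nscd -i group` do the same for nscd's tables when nscd is running alongside SSSD.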