I have an administration node running LDAP and a login node which uses LDAP on the other node to authorize users. Users are able to log into the login node successfully.

When I run getent passwd on the admin node, I get all the users, both those from /etc/passwd and those from LDAP. However, on the login node the LDAP users are missing. Both machines are running CentOS 7.9.2009 and both have an identical /etc/nsswitch.conf. The only non-trivial difference between the two versions of /etc/sss/sssd.conf is that on the admin node

ldap_access_order = filter,expire

is set, whereas on the login node the setting is

ldap_access_order = expire

but that seems to me irrelevant (the filter just contains a single non-root functional user which was only used when the system was set up).

Where else should I be looking to work out what the difference is between the two systems?

loris

1 Answer

The suggestion to delete the sssd cache was indeed correct. However, running

sss_cache -E

did not help. I had to actually delete the relevant files with

rm -rf /var/lib/sss/db/*
loris
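
The question's by-eye comparison of the two nodes' sssd.conf files can be done option by option, ignoring comments, ordering and spacing. This is an added example, not part of the original posts; the sample files, the host name and the function names are constructed for illustration, and only the ldap_access_order values come from the question.

```python
import configparser

# Constructed sample files; only ldap_access_order comes from the question.
ADMIN_CONF = """\
[sssd]
services = nss, pam
domains = default
[domain/default]
id_provider = ldap
ldap_uri = ldap://admin.example.org
ldap_access_order = filter,expire
"""

LOGIN_CONF = """\
# same settings, different order and spacing
[domain/default]
ldap_access_order=expire
ldap_uri   = ldap://admin.example.org
id_provider = ldap
[sssd]
domains = default
services = nss,pam
"""

def load_conf(text):
    """Parse sssd.conf text into {section: {option: value}}."""
    parser = configparser.RawConfigParser(delimiters=("=",), strict=False)
    parser.read_string(text)
    return {s: dict(parser.items(s)) for s in parser.sections()}

def normalise(value):
    """Drop spacing around commas; list order is kept because it can matter."""
    return None if value is None else ",".join(p.strip() for p in value.split(","))

def diff_conf(a_text, b_text):
    """Return (section, option, value_a, value_b) for every differing option."""
    a, b = load_conf(a_text), load_conf(b_text)
    diffs = []
    for section in sorted(set(a) | set(b)):
        opts_a, opts_b = a.get(section, {}), b.get(section, {})
        for opt in sorted(set(opts_a) | set(opts_b)):
            va, vb = normalise(opts_a.get(opt)), normalise(opts_b.get(opt))
            if va != vb:
                diffs.append((section, opt, va, vb))
    return diffs

if __name__ == "__main__":
    for section, opt, va, vb in diff_conf(ADMIN_CONF, LOGIN_CONF):
        print(f"[{section}] {opt}: admin={va!r} login={vb!r}")
```

An option present on only one node is reported with None on the other side.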