On Sun, 2012-05-06 at 22:21 -0700, Chris Jacobs wrote:
Or restarted sssd?
I've restarted both the client machine and the server; so, yes.
What is your OS?
Fedora 17 prerelease.
Have you googled for ldap cache and your os?
I have. I haven't come up with much, so far.
Might pam be caching any of this stuff?
What else have you tried?
If I remove the user from the group in LDAP, that is reflected in the output of "groups". But, when I add it back, "groups" shows the (local) group associated with the old GID, not the new one.
So it's as if something on the client side has gotten the group *name* from LDAP and has locally cached an association with the old GID. The old GID is getting passed along and is associated with the group that it maps to locally by a tool like "groups".