SSSD

SSSD or System Security Services daemon enables access to remote directories and authentication mecahanisms. In particular SSSD is used by FreeIPA/RedHat IDM to talk to the identity server.

Learn more about SSSD here: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system-level_authentication_guide/sssd

In a cluster where user identity is managed by FreeIPA/IDM, the clients use SSSD to talk to the FreeIPA/IDM server(s). While testing, or even in real-life odd situations, if you need to invalidate the local cache of SSSD to relect the change that happened in the server, use the following command.

sss_cache -E

To invalidate the cache for a specific user, use

sss_cache -u user1

I believe it is good idea to purge this cache in a periodic basis during off peak hours.