SSSD or System Security Services daemon enables access to remote directories and authentication mecahanisms. In particular SSSD is used by FreeIPA/RedHat IDM to talk to the identity server.
In a cluster where user identity is managed by FreeIPA/IDM, the clients use SSSD to talk to the FreeIPA/IDM server(s). While testing, or even in real-life odd situations, if you need to invalidate the local cache of SSSD to relect the change that happened in the server, use the following command.
To invalidate the cache for a specific user, use
sss_cache -u user1
I believe it is good idea to purge this cache in a periodic basis during off peak hours.