From 27d453f6f13e861f9acd3ddc173fbd1e50f5f81f Mon Sep 17 00:00:00 2001
From: Sinisa Veseli <sveseli@aps.anl.gov>
Date: Tue, 2 Feb 2016 03:34:19 +0000
Subject: [PATCH] added refreshing for NSCD cache after modifying group
 membership

---
 etc/dm.sudo-rules.template                    |  3 ++-
 .../utility/ldapLinuxPlatformUtility.py       | 22 +++++++++++++++++++
 2 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/etc/dm.sudo-rules.template b/etc/dm.sudo-rules.template
index afc042be..063a04dd 100644
--- a/etc/dm.sudo-rules.template
+++ b/etc/dm.sudo-rules.template
@@ -7,7 +7,8 @@ Cmnd_Alias USERMOD=/usr/sbin/usermod -a -G * *
 Cmnd_Alias GROUPADD=/usr/sbin/groupadd *
 Cmnd_Alias CHOWN=/bin/chown -R \:* *
 Cmnd_Alias GPASSWD=/usr/bin/gpasswd * * *
+Cmnd_Alias NSCD=/usr/sbin/nscd -i *
 
-USER HOST = (root) NOPASSWD: SETFACL,USERMOD,GROUPADD,CHOWN,GPASSWD
+USER HOST = (root) NOPASSWD: SETFACL,USERMOD,GROUPADD,CHOWN,GPASSWD,NSCD
 
 
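Review bot: The new alias `Cmnd_Alias NSCD=/usr/sbin/nscd -i *` grants more than the code needs, since refreshNscdGroupCache in this same commit only ever runs `nscd -i group`. sudoers matches command-line arguments as one concatenated string, so the `*` accepts any other cache name and any further arguments after it, all run as root without a password. Pinning the rule to the exact invocation keeps it least-privilege: `Cmnd_Alias NSCD=/usr/sbin/nscd -i group`.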
diff --git a/src/python/dm/common/utility/ldapLinuxPlatformUtility.py b/src/python/dm/common/utility/ldapLinuxPlatformUtility.py
index ec88542b..4ab55aa5 100755
--- a/src/python/dm/common/utility/ldapLinuxPlatformUtility.py
+++ b/src/python/dm/common/utility/ldapLinuxPlatformUtility.py
@@ -20,6 +20,7 @@ class LdapLinuxPlatformUtility:
     SETFACL_CMD = '/usr/bin/setfacl'
     CHOWN_CMD = '/bin/chown'
     GPASSWD_CMD = '/usr/bin/gpasswd'
+    NSCD_CMD = '/usr/sbin/nscd'
 
     def __init__(self, serverUrl, adminDn, adminPasswordFile, groupDnFormat, minGidNumber=None):
         self.serverUrl = serverUrl
@@ -166,6 +167,9 @@ class LdapLinuxPlatformUtility:
             logger.error('Could not add user %s to group %s: %s' % (username, groupName, ex))
             raise InternalError(exception=ex)
 
+        # Refresh NSCD cache
+        self.refreshNscdGroupCache()
+
     def deleteUserFromGroup(self, username, groupName):
         """ Remove user from group. """
         logger = self.getLogger()
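Review bot: The call `self.refreshNscdGroupCache()` added after the try/except can fail silently, because the helper added later in this commit catches every exception and only logs a warning, so this method still reports success while nscd may keep serving the old membership. That matters most at the two other call sites this commit adds, in deleteUserFromGroup and after the 'Could not set users' handler, where a stale entry means a removed user can still resolve as a group member until the cache entry expires. If best-effort is intended, say so at each call site, e.g. `# Best-effort: a failed refresh is only logged; nscd may serve stale membership until its entry expires`; otherwise have the removal paths surface the failure to the caller. The enclosing method starts above this hunk.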
@@ -195,6 +199,10 @@ class LdapLinuxPlatformUtility:
             logger.error('Could not remove user %s from group %s: %s' % (username, groupName, ex))
             raise InternalError(exception=ex)
 
+        # Refresh NSCD cache
+        self.refreshNscdGroupCache()
+
+
     @classmethod
     def createLocalGroup(cls, name):
         """ Create local group if it does not exist. """
@@ -257,6 +265,9 @@ class LdapLinuxPlatformUtility:
             logger.error('Could not set users %s for group %s: %s' % (usernameList, groupName, ex))
             raise InternalError(exception=ex)
 
+        # Refresh NSCD cache
+        self.refreshNscdGroupCache()
+
     @classmethod
     def setPathReadExecutePermissionsForGroup(cls, path, groupName):
         """ Set path permissions for the given group. """
@@ -272,6 +283,17 @@ class LdapLinuxPlatformUtility:
         cmd = '%s \:%s %s' % (cls.CHOWN_CMD, groupName, path)
         cls.executeSudoCommand(cmd)
 
+    @classmethod
+    def refreshNscdGroupCache(cls):
+        logger = cls.getLogger()
+        try:
+            logger.debug('Refreshing NCSD secondary group membership cache')
+            cmd = '%s -i group' % (cls.NSCD_CMD)
+            cls.executeSudoCommand(cmd)
+        except Exception, ex:
+            logger.warn('Failed to refresh NCSD group cache: %s' % (str(ex)))
+
+
 #######################################################################
 # Testing.
 
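Review bot: refreshNscdGroupCache has no docstring, unlike the neighbouring methods, and both log strings spell the daemon 'NCSD' while the constant and the sudo alias use NSCD, which makes the warning hard to find when searching logs. Add `""" Invalidate the nscd group cache; failures are logged, not raised. """` under the signature and correct the two messages to `NSCD`. The command `'%s -i group' % (cls.NSCD_CMD)` is a fixed string, which is the right shape for something passed to executeSudoCommand; keep caller-supplied values out of it.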
-- 
GitLab