User contacted me stating that he was unable to su to a particual user.
# su – appcannot find name for user ID 650
[I have no name!@localhost ~]
So I jumped on the box and attempted to "finger" the user "app". This command retured the expected output, as did the "id" command. Thinking that the issue was a temporary failure for the server to connect to the ldap server, I figured we were probably fine now. But when I attempted to su to the user above, I ran into the same issue that the user ran into. So I restarted sssd and tried again. Same issue. So in order to isolate the issue a bit more I then attempted to su to another user, and was successful.
Remebering that I had run into a similar issue before I decided to stop sssd and then delete its cache
service sssd stop ; cd /var/lib/sss/db ;rm cache_default.ldb; service sssd start.
Boom, su now works like a charm.
A bit of research shows that this is a known issue. See bugzilla here.
Also I could have used the ldbsearch command to verify that the particular users database/cache entry was corrupt.
ldbsearch -H /var/lib/sss/db/cache_default.ldb uidNumber=650