NetApp Knowledgebase

How to flush netgroups cache in clustered Data ONTAP?

Applies to

Tested with Clustered Data ONTAP 8.3.1 


ONTAP caches netgroup data locally for improved performance. Because of this cache, changes made to the netgroup database on NIS/LDAP servers are not reflected immediately on the cluster; they become available only after the cache next expires.
If the administrator needs those changes to be reflected immediately, the cache must be flushed manually.

The following section explains how to flush the netgroups cache for NIS or LDAP name-servers.


  • The following commands flush multiple netgroup entries, which forces the Vserver to fetch all of the data again from the name services. Use these commands only when necessary.
  • The command 'export-policy cache flush' must be issued from the node that owns the cache, that is, by logging in to a management LIF on each node.
  • Some of the following commands are available only with diag privileges.

Flush NIS/LDAP Netgroups Cache:
To manually flush the netgroups cache, run the following commands in this exact order:
  • From each node management LIF, flush the MGWD/SECD netgroups cache:
    export-policy cache flush -vserver <vserver-name> -cache netgroup
  • Flush the NBLADE netgroups cache:
    diag exports nblade access-cache flush -node <node-name> -vserver <vserver-name> -policy <export-policy-name> -address <client-IP-address>
    Note: The flags -address and -vserver can be removed if there is a requirement to flush all.

For LDAP netgroups on clustered Data ONTAP versions earlier than 8.3.2, run the following commands before running the above procedure:

If your version is 8.3.2 or later, you can skip this step.

  • Flush the SECD netgroups cache:
    diag secd cache clear -node <node-name> -vserver <vserver-name> -cache-name netgroup-ip -entry <netgroup-name>
    diag secd cache clear -node <node-name> -vserver <vserver-name> -cache-name netgroup-host -entry <netgroup-name>
    diag secd cache clear -node <node-name> -vserver <vserver-name> -cache-name ldap-netgroupname-to-members -entry <netgroup-name>

    Note: The flag -entry can be removed if there is a requirement to flush all.
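
The ordering and per-node rules above, as a command-plan generator (an added example, not NetApp code). It only prints the commands from this article in the required order for each node and adds the SECD clears when the version is earlier than 8.3.2. It assumes LDAP netgroups and a session already at diag privilege; the function names and the sample values (vs1, default, eng-hosts, 192.0.2.10, node-01, node-02) are constructed.

```shell
#!/bin/sh
# Added example: prints the article's flush commands in order. Nothing is sent to a cluster.

# Succeeds when ONTAP version $1 (e.g. 8.3.1 or 8.3.1P2) is earlier than 8.3.2.
needs_secd_clear() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    maj=${1:-0}; min=${2:-0}; pat=${3:-0}
    pat=${pat%%[!0-9]*}; pat=${pat:-0}      # drop patch suffixes such as "P2"
    [ "$maj" -lt 8 ] && return 0
    [ "$maj" -gt 8 ] && return 1
    [ "$min" -lt 3 ] && return 0
    [ "$min" -gt 3 ] && return 1
    [ "$pat" -lt 2 ]
}

# usage: netgroup_flush_plan <ontap-version> <vserver> <export-policy> <netgroup> <client-ip> <node>...
netgroup_flush_plan() {
    [ "$#" -ge 6 ] || { echo "need: version vserver policy netgroup client-ip node..." >&2; return 2; }
    # Refuse anything that is not a plain name or address, so a typo never lands in a diag command.
    for arg in "$@"; do
        case $arg in
            ''|*[!A-Za-z0-9._:-]*) echo "rejected argument: '$arg'" >&2; return 2 ;;
        esac
    done
    ver=$1 vs=$2 pol=$3 ng=$4 addr=$5; shift 5
    for node in "$@"; do
        echo "# $node: log in to this node's management LIF"
        if needs_secd_clear "$ver"; then
            # Pre-8.3.2 LDAP step: the SECD caches are cleared before the main procedure.
            for cache in netgroup-ip netgroup-host ldap-netgroupname-to-members; do
                echo "diag secd cache clear -node $node -vserver $vs -cache-name $cache -entry $ng"
            done
        fi
        echo "export-policy cache flush -vserver $vs -cache netgroup"
        echo "diag exports nblade access-cache flush -node $node -vserver $vs -policy $pol -address $addr"
    done
}

# Constructed sample run: a two-node cluster on 8.3.1.
netgroup_flush_plan 8.3.1 vs1 default eng-hosts 192.0.2.10 node-01 node-02
```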

