Hello
Based on the documentation we should use POST request on __shield/realm/NAME/_cache/clear to clear evicts users from the user cache.
However it looks like that this handler doesnt work anymore...
$ curl -u admin -XPOST http://127.0.0.1:9200/_shield/realm/ldap1/_cache/clear Enter host password for user 'admin': No handler found for uri [/_shield/realm/ldap1/_cache/clear] and method [POST]
Any advice?
Hello Mariusz,
I have the same issue like you.
Technical documentation of Shield sukcs 
Hi Mariusz,
Can you share the version of shield and elasticsearch that you are using? Also can you share your shield settings from the elasticsearch.yml file?
-Jay
Hi, we are using version 2.3.1
"version": {
"number": "2.3.1",
"build_hash": "bd980929010aef404e7cb0843e61d0665269fc39",
"build_timestamp": "2016-04-04T12:25:05Z",
"build_snapshot": false,
"lucene_version": "5.5.0"
}
And shield in the same version :
license 2.3.1 j
shield 2.3.1 j
On each host.
Our current configuration (more or less) looks like that:
cluster.name: {{ cluster }}
node.name: ${HOSTNAME}-{{ item.0 }}
node.master: {{ item.3 }}
node.data: {{ item.4 }}
node.rack: ${HOSTNAME}
path.data: {{ item.1 }}
bootstrap.mlockall: 1
network.bind_host: ${HOSTNAME}
network.publish_host: ${HOSTNAME}
network.host: ${HOSTNAME}
http.port: {{ item.2 }}
discovery.zen.ping.unicast.hosts: {{ hosts }}
discovery.zen.minimum_master_nodes: 4
node.max_local_storage_nodes: 3
cluster.routing.allocation.awareness.attributes: rack
cluster.routing.allocation.same_shard.host: 1
processors: 13
index.merge.scheduler.max_thread_count: 1
shield.ssl.keystore.path: /etc/elasticsearch/node{{ item.0 }}/shield/node.jks
shield.ssl.keystore.password: OUR_SECRET_PASSWORD
shield:
authc:
realms:
ldap1:
type: ldap
hostname_verification: 0
order: 0
url: "ldaps://{{ ldap_server }}:636"
user_dn_templates:
- "uid={0}, ou=People, o=company"
{{ ldap_users }}
group_search:
base_dn: {{ ldap_group }}
files:
role_mapping: "/etc/elasticsearch/node{{ item.0 }}/shield/role_mapping.yml
any update?
no 
I still do not know how to accelerate the propagation of the permissions changes. It looks like that you need to be really calm before you upgrade ELK to the newest version.
Maybe better is to wait a little before publish a new "stable" version... updating the whole infra every week is really painfull.
@us3r @michalterbert thank you for bringing this to our attention. In the process of adding a new alias for this API, the prior one was inadvertently removed. As a workaround, you can use the following command:
curl -u admin -XPOST http://127.0.0.1:9200/_shield/realm/ldap1/_clear_cache
I'll ensure the documentation is updated and the pre-existing API is restored for the next release.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.