[Freeipa-users] IPA & AD trust question
Martin Kosek
mkosek at redhat.com
Fri May 31 10:37:51 UTC 2013
On 05/31/2013 09:37 AM, Sumit Bose wrote:
> On Fri, May 31, 2013 at 06:52:27AM +0000, Ondrej Valousek wrote:
>> Hi List,
>>
>> I have a question - is it possible to use AD trust the way that:
>> 1. All users are stored in AD
>> 2. All Unix specific information (automount maps, sudo rules, HBAC rules) are stored in IPA?
>
> Yes, sudo and HBAC for sure, I haven't tested automount maps but so far
> I can see no issues.
>
>>
>> If yes then:
>> 1. Will this scenario honour the RFC2307 user attributes in AD?
>
> We are trying to support RFC2307 attributes in AD with the next releases
> for SSSD and FreeIPA. Currently only algorithmic IP mapping based on the
> AD user's RID is available.

Ondreji, this is, by the way, the upstream ticket under which this feature is
being implemented (in case you want to follow it):
https://fedorahosted.org/freeipa/ticket/2904

There are other tickets targeting AD cooperation in the FreeIPA 3.3 release
(https://fedorahosted.org/freeipa/report/3); you may also want to check that
they address your needs (and provide comments if they don't). We are still in a
design phase, so some amendments are possible.

Thanks,
Martin