[Freeipa-users] AD trusts & HBACs & such
KodaK
sakodak at gmail.com
Tue Mar 25 18:22:33 UTC 2014
I've been working with support on how to set up HBAC and sudo rules with AD
users.
>From what they've described I can only manage them on an aggregate level
using an external group.
For example, I can define an hbac rule, but that hbac rule will be vaild
for *all* AD users in the external group that was created to handle them.
Am I missing something? If that's the case then this isn't flexible enough
for our needs. I have to be able to specify rules based on individual
accounts.
It seems like there might be a work-around by using multiple external
groups and having each AD user in their own external group, but that would
be really cumbersome (if it's even possible.)
Do I have any other options?
Thanks,
--Jason
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140325/d6005f24/attachment.htm>
More information about the Freeipa-users
mailing list