[Freeipa-users] AD trusts & HBACs & such

[KodaK]

I've been working with support on how to set up HBAC and sudo rules with AD
users.

>From what they've described I can only manage them on an aggregate level
using an external group.

For example, I can define an hbac rule, but that hbac rule will be vaild
for *all* AD users in the external group that was created to handle them.

Am I missing something?  If that's the case then this isn't flexible enough
for our needs.  I have to be able to specify rules based on individual
accounts.

It seems like there might be a work-around by using multiple external
groups and having each AD user in their own external group, but that would
be really cumbersome (if it's even possible.)

Do I have any other options?

Thanks,

--Jason
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140325/d6005f24/attachment.htm>