[Freeipa-users] Web UI plugins or other extensions

Dmitri Pal dpal at redhat.com
Wed Feb 25 21:11:48 UTC 2015


On 02/25/2015 02:15 PM, Hugh wrote:
> On 2/25/2015 12:50 PM, Dmitri Pal wrote:
>> Will all users created via IPA interface be synched to AD?
>> Is there any harm to make all users be created with the attributes
>> mentioned earlier in this thread?
>>
> Almost all. We have some users that will be role accounts for various
> pieces of software. It's fine with me if all users by default get those
> attributes and for those that shouldn't we can manually go back and
> remove the object/attributes.
>
> Hugh
>
I think you can start with adding ntUser object class into the list of 
the object classes in the IPA configuration in UI. That would apply it 
to the new entries automatically.
If that does not work it is probably a bug. If it works you will have 
the object class right there.

Next step is creating attributes
- ntUserDomainId - I wonder whether it can be auto-populated using 
managed entry or CoS configuration in DS. If that works it will be a 
config change rather than a code change which means it will survive 
upgrades (most likely).
- ntUserCreateNewAccount - should be set to true AFAIU and I wonder if 
it can be set to true using same managed entry or CoS mechanism.

I am not saying that would work but that might work and would avoid 
doing code changes.
If you are willing to do code changes then it should be possible to just 
update the user plugin to autopopulate the entries with these 
attributes. But that would definitely blow up during upgrade.

-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.



