[Freeipa-users] AD users not visible in FreeIPA mapped group
Jan Pazdziora
jpazdziora at redhat.com
Tue Jul 14 08:52:18 UTC 2015
On Tue, Jul 14, 2015 at 11:06:20AM +0300, Alexander Bokovoy wrote:
> On Tue, 14 Jul 2015, Jan Pazdziora wrote:
> >
> >Would it make sense to have a way of running the SSSD evaluation from
> >the WebUI and showing the results there? Clearly distinguished from
> >the LDAP data, yet exposed in the WebUI ...
> Definitely not here. We have checks for HBAC rules with AD users that
> explicitly take external group membership into account already.
>
> Resolving AD group membership is time-consuming operation and adding it
> into a normal path is going to slow down everything.
Sure. So how about separate tab, which could also ask for confirmation
if the user wants to run the enumeration?
--
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat
More information about the Freeipa-users
mailing list