[Freeipa-users] Are there active plans to allow AD trust users to login to the FreeIPA webUI?
Dmitri Pal
dpal at redhat.com
Fri May 8 17:12:02 UTC 2015
On 05/08/2015 12:25 PM, nathan at nathanpeters.com wrote:
> We have all of our users in a trusted Active Directory domain and it would
> be nice to allow them to administer our DNS using their AD accounts.
>
> I tried creating a group called DNS administrators and assigning it the
> DNS administrator privilege and then adding my ad_domain_admin group
> (containing the nested external group containing my ad groups), but when I
> try to login to the webui it denies me access.
>
> I see a ticket here regarding allowing this :
> https://fedorahosted.org/freeipa/ticket/3242
>
> It doesn't look like anything has happened on that ticket in the last 15
> months though.
>
> Any idea if / when this will be implemented?
>
>
There are no current plans. It is quite complex as we need to have a
ticket for the user for ldap server to have this functionality enabled.
This is the first time anyone from the community actually requested this
feature.
I think for the future planning it would be best if you can comment in
the ticket and add your justification.
We will consider it in the next planning cycle.
--
Thank you,
Dmitri Pal
Director of Engineering for IdM portfolio
Red Hat, Inc.
More information about the Freeipa-users
mailing list