[Freeipa-users] Are there active plans to allow AD trust users to login to the FreeIPA webUI?
nathan at nathanpeters.com
nathan at nathanpeters.com
Fri May 8 17:24:58 UTC 2015
> On 05/08/2015 12:25 PM, nathan at nathanpeters.com wrote:
>> We have all of our users in a trusted Active Directory domain and it
>> would
>> be nice to allow them to administer our DNS using their AD accounts.
>>
>> I tried creating a group called DNS administrators and assigning it the
>> DNS administrator privilege and then adding my ad_domain_admin group
>> (containing the nested external group containing my ad groups), but when
>> I
>> try to login to the webui it denies me access.
>>
>> I see a ticket here regarding allowing this :
>> https://fedorahosted.org/freeipa/ticket/3242
>>
>> It doesn't look like anything has happened on that ticket in the last 15
>> months though.
>>
>> Any idea if / when this will be implemented?
>>
>>
> There are no current plans. It is quite complex as we need to have a
> ticket for the user for ldap server to have this functionality enabled.
> This is the first time anyone from the community actually requested this
> feature.
> I think for the future planning it would be best if you can comment in
> the ticket and add your justification.
> We will consider it in the next planning cycle.
>
> --
> Thank you,
> Dmitri Pal
>
> Director of Engineering for IdM portfolio
> Red Hat, Inc.
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>
Ok, thanks. I've updated the ticket with my justification for continuing
work on this feature:
https://fedorahosted.org/freeipa/ticket/3242#comment:12
More information about the Freeipa-users
mailing list