[Freeipa-users] Are there active plans to allow AD trust users to login to the FreeIPA webUI?
Dmitri Pal
dpal at redhat.com
Fri May 8 20:01:06 UTC 2015
On 05/08/2015 01:24 PM, nathan at nathanpeters.com wrote:
>> On 05/08/2015 12:25 PM, nathan at nathanpeters.com wrote:
>>> We have all of our users in a trusted Active Directory domain and it
>>> would
>>> be nice to allow them to administer our DNS using their AD accounts.
>>>
>>> I tried creating a group called DNS administrators and assigning it the
>>> DNS administrator privilege and then adding my ad_domain_admin group
>>> (containing the nested external group containing my ad groups), but when
>>> I
>>> try to login to the webui it denies me access.
>>>
>>> I see a ticket here regarding allowing this :
>>> https://fedorahosted.org/freeipa/ticket/3242
>>>
>>> It doesn't look like anything has happened on that ticket in the last 15
>>> months though.
>>>
>>> Any idea if / when this will be implemented?
>>>
>>>
>> There are no current plans. It is quite complex as we need to have a
>> ticket for the user for ldap server to have this functionality enabled.
>> This is the first time anyone from the community actually requested this
>> feature.
>> I think for the future planning it would be best if you can comment in
>> the ticket and add your justification.
>> We will consider it in the next planning cycle.
>>
>> --
>> Thank you,
>> Dmitri Pal
>>
>> Director of Engineering for IdM portfolio
>> Red Hat, Inc.
>>
>> --
>> Manage your subscription for the Freeipa-users mailing list:
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> Go to http://freeipa.org for more info on the project
>>
> Ok, thanks. I've updated the ticket with my justification for continuing
> work on this feature:
> https://fedorahosted.org/freeipa/ticket/3242#comment:12
>
Thank you!
Much appreciated.
--
Thank you,
Dmitri Pal
Director of Engineering for IdM portfolio
Red Hat, Inc.
More information about the Freeipa-users
mailing list