[Freeipa-users] How do you allow Active Directory Users to login to the webgui
Florence Blanc-Renaud
flo at redhat.com
Fri May 12 15:29:20 UTC 2017
On 05/12/2017 04:09 PM, Tym Rehm wrote:
> So I'm testing a new freeipa 4.x setup that has a one-way trust to
> Active Directory. I have been able to define user groups to access the
> AD groups and configure the groups to work with HBAC rules. So my AD
> users are able to ssh into the client machines if HBAC allows them to.
>
> The issue I'm having is that I would like to allow the AD users to login
> to the webgui. I currently have the users in the defined in the ID views
> (Default Trust View). I'm only setting the Home Directory at present,
> should I add to the ID view?
>
> Thanks
>
> --
> --
> Do not meddle in the affairs of dragons cause you are crunchy and good
> with ketchup.
>
>
Hi Tym,
this feature is available since FreeIPA 4.5.1 (see ticket 3242 [1]). You
need to define a idoverrideuser for each AD user with:
$ ipa idoverrideuser-add 'Default Trust View' aduser at ad-domain.com
HTH,
Flo.
[1] https://pagure.io/freeipa/issue/3242
More information about the Freeipa-users
mailing list