[Freeipa-users] How do you allow Active Directory Users to login to the webgui
Alexander Bokovoy
abokovoy at redhat.com
Fri May 12 16:14:04 UTC 2017
On pe, 12 touko 2017, Tym Rehm wrote:
>So I'm testing a new freeipa 4.x setup that has a one-way trust to Active
>Directory. I have been able to define user groups to access the AD groups
>and configure the groups to work with HBAC rules. So my AD users are able
>to ssh into the client machines if HBAC allows them to.
>
>The issue I'm having is that I would like to allow the AD users to login to
>the webgui. I currently have the users in the defined in the ID views
>(Default Trust View). I'm only setting the Home Directory at present,
>should I add to the ID view?
As Flo pointed out, login to web UI as AD user only works in FreeIPA
4.5.1+. If you have 4.4, you can only get AD users to access IPA CLI. To
do that you only need to create ID override as admin:
ipa idoverrideuser-add 'Default Trust View' user at AD.TEST
Just creating an ID override without anything else is enough.
Web UI support for AD users' self-service is only in 4.5.1+ which is
currently not packaged anywhere, I guess.
--
/ Alexander Bokovoy
More information about the Freeipa-users
mailing list