<html> <head> <meta http-equiv="Content-Type" content="text/html; charset=us-ascii"> <style>  </style> </head> <body lang="EN-US" link="blue" vlink="purple"> <div class="WordSection1"> Hello, I manage a suite of machines and services which are used for collaborative projects with external partners. I want to allow users within our organization to authenticate with their existing Active Directory accounts, and I have set up an “External Users” LDAP directory to establish identities for our partners. I have an LDAP server set up which merges the two directories and which forwards requests on to the correct directory. I like the idea of FreeIPA, however, I need support for a one-way trust. I don’t have the ability to modify any entries in our AD server, but I do have a normal user account (hence I can bind to AD’s LDAP interface). However, I think this is kind of a moot point since external users should under no circumstances be allowed access to our internal network/services. Read-only access to AD is just peachy. I found this old message (June 2012) on your mailing list which suggests one-way trusts may be on your radar. [1] However, I looked through your Trac tickets and didn’t see any follow up. Did I miss something? Is this already implemented, or are plans in place? Thanks much, Bryce [1] https://www.redhat.com/archives/freeipa-users/2012-June/msg00206.html </div> This electronic message contains information generated by the USDA solely for the intended recipients. Any unauthorized interception of this message or the use or disclosure of the information it contains may violate the law and subject the violator to civil or criminal penalties. If you believe you have received this message in error, please notify the sender and delete the email immediately. </body> </html>