I have a stupid idea.
We now have ability to make IPA trust AD and AD trust IPA. IPA pretends
that it is AD.
I wonder how hard it would be to setup the case when there are two IPA
servers that both pretending that they are AD talking to each other.
This might be a temp solution for IPA to IPA trusts until we do PADs.
It might be a temp solution for use cases like this

I suspect that SSSD would have to be configured as if it is a member of
an AD domain trusting another AD domain for this to work :-)

Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.

Looking to carve out IT costs?

Freeipa-devel mailing list

Reply via email to