Hello, I have a stupid idea. We now have ability to make IPA trust AD and AD trust IPA. IPA pretends that it is AD. I wonder how hard it would be to setup the case when there are two IPA servers that both pretending that they are AD talking to each other. This might be a temp solution for IPA to IPA trusts until we do PADs. It might be a temp solution for use cases like this https://fedorahosted.org/freeipa/ticket/3742
I suspect that SSSD would have to be configured as if it is a member of an AD domain trusting another AD domain for this to work :-) -- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel