I have a stupid idea.
We now have ability to make IPA trust AD and AD trust IPA. IPA pretends
that it is AD.
I wonder how hard it would be to setup the case when there are two IPA
servers that both pretending that they are AD talking to each other.
This might be a temp solution for IPA to IPA trusts until we do PADs.
It might be a temp solution for use cases like this
I suspect that SSSD would have to be configured as if it is a member of
an AD domain trusting another AD domain for this to work :-)
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
Looking to carve out IT costs?
Freeipa-devel mailing list