Hi,
I am looking into migrating an existing deployment of LDAP with hundreds of
users and hundreds of groups into a IPA solution with trust against AD. All
users currently exists with the same names in AD but groups does not, one
solution would be adding all those groups to AD with gidNumber set to only
administer the users and groups in AD. External groups seems to be the
solution, but that would require external groups created in the IPA, I would
like to avoid that and have tested with groups only in AD with gidNumber set
and it seems to work, I can at least see the group and SUDO rules works with
the group.
So my question is, can you use groups in AD without referencing them in IPA and
any please throw in any other suggestions for trying to have all data in active
directory without having to change anything in the IPA when adding users or
groups (or host/netgroups for that matter)
Thanks
Henrik
Sent from my iPad
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org