I am looking into migrating an existing deployment of LDAP with hundreds of 
users and hundreds of groups into an IPA solution with trust against AD. All 
users currently exist with the same names in AD but groups do not. One 
solution would be adding all those groups to AD with gidNumber set to only 
administer the users and groups in AD. External groups seem to be the 
solution, but that would require external groups created in the IPA. I would 
like to avoid that and have tested with groups only in AD with gidNumber set 
and it seems to work; I can at least see the group, and SUDO rules work with 
the group.

So my question is: can you use groups in AD without referencing them in IPA? 
And please throw in any other suggestions for trying to have all data in Active 
Directory without having to change anything in the IPA when adding users or 
groups (or host/netgroups for that matter).


FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org