Does this help? https://freeipa.readthedocs.io/en/latest/designs/adtrust/admin-ipa-as-trusted-user.html#usage
On Mon, Oct 12, 2020 at 7:59 PM Chris Dagdigian via FreeIPA-users < [email protected]> wrote: > Hi folks, > > I've got a three-node replicating FreeIPA cluster running in AWS with a > one-way trust to an Active Directory domain. > > Things work well with respect to user overrides and RBAC rules affecting > client machines but I can't for the life of me figure out the order of > operations for allowing a couple of external AD users to have admin > access to the FreeIPA webUI itself. > > There are 3 AD users I'd like to give WebUI admin access to. > > So far I've tried the standard stuff I've used for non-IPA clients: > > 1) make group "corp_admins_external" populated with external > "[email protected]" identities > 2) Make group "corp_admins_posix" populated with the > corp_admins_external group > 3) Added corp_admins_posix group to the admin group > > Best I've been able to do so far is give myself login access to just the > user self-service page and even then that failed until > oddjob-mkhomedir() was running and enabled under authconfig > > Is there a guide or a documentation set specific to granting admin > access to the webUI for forms-based login users? > > Thanks! > > Chris > > _______________________________________________ > FreeIPA-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] >
_______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
