Aha! I was missing the Default Trust View work -- much appreciated!

Chris


David Sastre <mailto:d.sastre.med...@gmail.com>
October 12, 2020 at 2:10 PM
Does this help?

https://freeipa.readthedocs.io/en/latest/designs/adtrust/admin-ipa-as-trusted-user.html#usage

Chris Dagdigian <mailto:d...@sonsorol.org>
October 12, 2020 at 1:59 PM
Hi folks,

I've got a three-node replicating FreeIPA cluster running in AWS with a one-way trust to an Active Directory domain.

Things work well with respect to user overrides and RBAC rules affecting client machines but I can't for the life of me figure out the order of operations for allowing a couple of external AD users to have admin access to the FreeIPA webUI itself.

There are 3 AD users I'd like to give WebUI admin access to.

So far I've tried the standard stuff I've used for non-IPA clients:

1) make group "corp_admins_external" populated with external "usern...@domain.com" identities
2) Make group "corp_admins_posix" populated with the corp_admins_external group
3) Added corp_admins_posix group to the admin group

Best I've been able to do so far is give myself login access to just the user self-service page, and even then that failed until oddjob-mkhomedir() was running and enabled under authconfig.

Is there a guide or a documentation set specific to granting admin access to the webUI for forms-based login users?

Thanks!

Chris


