On Пят, 19 сту 2024, Yuriy Halytskyy via FreeIPA-users wrote:
Hi,
At first I've just created an external group, added the user, and
added that group to a role but that didn't work. Then I stumbled
across this while googling:
ipa idoverrideuser-add 'Default Trust View' username@DOMAIN
And it works, the user can use IPA commands with AD kerberos ticket
and roles apply properly. But I cannot for the life of me figure out
what that did and are there any other consequences.
Documentation talks about using ID views to override user properties
but this doesn't specify any properties to override. Also, it says the
view is applied to all AD users, but in that case why do I need to run
that command?
You need to look at design pages that most new FreeIPA features have.
https://freeipa.readthedocs.io/en/latest/designs/adtrust/admin-ipa-as-trusted-user.html
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
--
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
