On Mon, 2011-09-05 at 21:15 +0000, Steven Jones wrote:
> No im looking at this in a fairly agnostic way.....what I am looking
> for are real world scenarios that I can test potential LDAP type
> solutions against to determine the best for our needs....but you are
> right the sssd link in is a killer......
> I have to prove to my management which solution is the best....I have
> an uphill struggle as they want to use AD but they also want all the
> bells and whistles, except they dont know what that means.....so I
> need to construct test cases where I can say here are (say) 5 cases, I
> want to get them to sign off on as what they want.....
> So I need to use logic against their gut feel.....or I'll end up
> managing a pile of crap....

In v3 we are planning on having "external groups" where you can put
users from trusted domains. So you can reference these groups locally
and are free to determine memberships. That will allow to use HBAC.

That said you can only controil HBAC stuff on freeipa-enabled servers.


Simo Sorce * Red Hat, Inc * New York

Freeipa-users mailing list

Reply via email to