On 11/21/2011 11:48 AM, David Juran wrote:
> I have a customer who is using nisNetgroups in microsoft Active
> Directory to keep track of which users are allowed to access which
> services. I've understood that IPA today does not sync this information
> from AD, is this correct?
> What about the future, once we can have trust towards an AD? Would that
> allow us to use the nisNet groups in AD for HBAC and sudo?
Trusts would not help with netgroups.
I wonder if it is something that can be done via a client configuration.
But also why not move netgroups into IPA? Dumping the data into LDIF,
creating a script to convert it to IPA internal netgroups format and
loading it is not a huge effort.
> Freeipa-users mailing list
Sr. Engineering Manager IPA project,
Red Hat Inc.
Looking to carve out IT costs?
Freeipa-users mailing list