Things you can't easily do are things like "Create a desktop user". You
can't easily do this because the group membership is assigned later.


yep, tahst OK I think......Users will be created by our useradmins initially, 
in AD and then IPA if there is a need for a UID/linux login.  

Later after I have a one way passsync working I will do a one way winsync 
agreement such that when the useradmin crates the user in the provisioning 
system which in turn injects it inot AD that is automatically transmitted to 
IPA.  At that point I would want the  desktop admin or useradmin to assign that 
user to group(s).

At least this is how I think we will be working, hopefully that makes sense.


Freeipa-users mailing list

Reply via email to