Things you can't easily do are things like "Create a desktop user". You
can't easily do this because the group membership is assigned later.
yep, tahst OK I think......Users will be created by our useradmins initially,
in AD and then IPA if there is a need for a UID/linux login.
Later after I have a one way passsync working I will do a one way winsync
agreement such that when the useradmin crates the user in the provisioning
system which in turn injects it inot AD that is automatically transmitted to
IPA. At that point I would want the desktop admin or useradmin to assign that
user to group(s).
At least this is how I think we will be working, hopefully that makes sense.
Freeipa-users mailing list