On 05/31/2013 09:37 AM, Sumit Bose wrote:
> On Fri, May 31, 2013 at 06:52:27AM +0000, Ondrej Valousek wrote:
>> Hi List,
>> I have a question - is it possible to use AD trust the way that:
>> 1. All users are stored in AD
>> 2. All Unix specific information (automount maps, sudo rules, HBAC rules)
>> are stored in IPA?
> Yes, sudo and HBAC for sure, I haven't tested automount maps but so far
> I can see no issues.
>> If yes then:
>> 1. Will this scenario honour the RFC2307 user attributes in AD?
> We are trying to support RFC2307 attributes in AD with the next releases
> for SSSD and FreeIPA. Currently only algorithmic IP mapping based on the
> AD user's RID is available.
Ondreji, this is by the way the upstream ticket under which this feature is
being implemented (in case you want to follow it):

There are other tickets targeted at AD cooperation in the FreeIPA 3.3 release
(https://fedorahosted.org/freeipa/report/3); you may also want to check that
they address your needs (and provide comments if they don't). We are still in a
design phase, so some amendments are possible.
Freeipa-users mailing list