I manage a suite of machines and services which are used for collaborative 
projects with external partners. I want to allow users within our organization 
to authenticate with their existing Active Directory accounts, and I have set 
up an "External Users" LDAP directory to establish identities for our partners. 
I have an LDAP server set up which merges the two directories and which 
forwards requests on to the correct directory.

I like the idea of FreeIPA, however, I need support for a one-way trust. I 
don't have the ability to modify any entries in our AD server, but I do have a 
normal user account (hence I can bind to AD's LDAP interface). However, I think 
this is kind of  a moot point since external users should under no 
circumstances be allowed access to our internal network/services. Read-only 
access to AD is just peachy. I found this old message (June 2012) on your 
mailing list which suggests one-way trusts may be on your radar. [1] However, I 
looked through your Trac tickets and didn't see any follow up. Did I miss 
something? Is this already implemented, or are plans in place?

Thanks much,

[1] https://www.redhat.com/archives/freeipa-users/2012-June/msg00206.html

This electronic message contains information generated by the USDA solely for 
the intended recipients. Any unauthorized interception of this message or the 
use or disclosure of the information it contains may violate the law and 
subject the violator to civil or criminal penalties. If you believe you have 
received this message in error, please notify the sender and delete the email 
Freeipa-users mailing list

Reply via email to