I've been working with support on how to set up HBAC and sudo rules with AD.

From what they've described, I can only manage them on an aggregate level
using an external group.

For example, I can define an HBAC rule, but that HBAC rule will be valid
for *all* AD users in the external group that was created to handle them.

Am I missing something?  If that's the case then this isn't flexible enough
for our needs.  I have to be able to specify rules based on individual

It seems like there might be a work-around by using multiple external
groups and having each AD user in their own external group, but that would
be really cumbersome (if it's even possible.)

Do I have any other options?


