I've been working with support on how to set up HBAC and sudo rules with AD users.
>From what they've described I can only manage them on an aggregate level using an external group. For example, I can define an hbac rule, but that hbac rule will be vaild for *all* AD users in the external group that was created to handle them. Am I missing something? If that's the case then this isn't flexible enough for our needs. I have to be able to specify rules based on individual accounts. It seems like there might be a work-around by using multiple external groups and having each AD user in their own external group, but that would be really cumbersome (if it's even possible.) Do I have any other options? Thanks, --Jason
_______________________________________________ Freeipa-users mailing list Freeipaemail@example.com https://www.redhat.com/mailman/listinfo/freeipa-users