On Sun, Aug 10, 2014 at 12:40:49AM -0400, Dmitri Pal wrote:
> On 07/25/2014 12:45 AM, Sanju A wrote:
> >Dear All,
> >
> >Centralized authentication is working fine and we have a requirement to
> >give privilege to users for configuring printer in their machines. For
> >local users, they will get the privilege by adding them to the local
> >printer group (lp or lpadmin group).
> >
> >Is there any way to add the user to the end machine  printer group.
> You can't add central users to local groups.
> I am not familiar with printer configuration policies.
> Which systems are the clients? RHEL? Fedora? CentOS?
> In all these cases I suspect this would be done via policy kit policies so
> may be the way to go is to update policy to point to user's private group.
> I smell RFE here but probably for SSSD rather than IPA.

I suspect this should work already. My LDAP user (fetched via SSSD) is a
happy member of several local groups such as mock.

Just add him with the usual shadow-utils tools:
    usermod -a -G $groupname $username

What is problematic is the other way around, that is, add a local user
to an LDAP group. Currently we can only do this for the RFC2307 schema,
not for RFC2307bis or its variants.

Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project

Reply via email to