On Sun, Aug 10, 2014 at 12:40:49AM -0400, Dmitri Pal wrote:
> On 07/25/2014 12:45 AM, Sanju A wrote:
> >Dear All,
> >
> >Centralized authentication is working fine and we have a requirement to
> >give privilege to users for configuring printer in their machines. For
> >local users, they will get the privilege by adding them to the local
> >printer group (lp or lpadmin group).
> >
> >Is there any way to add the user to the end machine printer group.
> You can't add central users to local groups.
> I am not familiar with printer configuration policies.
> Which systems are the clients? RHEL? Fedora? CentOS?
> In all these cases I suspect this would be done via policy kit policies so
> may be the way to go is to update policy to point to user's private group.
>
> I smell RFE here but probably for SSSD rather than IPA.

I suspect this should work already. My LDAP user (fetched via SSSD) is a
happy member of several local groups such as mock. Just add him with the
usual shadow-utils tools:

    usermod -a -G $groupname $username

What is problematic is the other way around, that is, add a local user to
an LDAP group. Currently we can only do this for the RFC2307 schema, not
for RFC2307bis or its variants.
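
An added example, not part of the original thread: a small audit helper that lists the members of a local group (such as lp or lpadmin) who have no entry in the local passwd file, which is how a centrally managed account added with usermod would appear. The function name, the file-path parameters and the sample files are assumptions constructed for illustration; it assumes the supplementary membership is recorded in the local group file.

```shell
#!/bin/sh
# Added example: report members of a local group that are not local accounts.
# Usage: nonlocal_members GROUP [GROUP_FILE] [PASSWD_FILE]
# (hypothetical helper name; file arguments default to the system files)

nonlocal_members() {
    group=$1
    group_file=${2:-/etc/group}
    passwd_file=${3:-/etc/passwd}
    awk -F: -v g="$group" '
        # First file (passwd): remember every locally defined account name.
        FILENAME == ARGV[1] { local_user[$1] = 1; next }
        # Second file (group): name:password:GID:member,member,...
        $1 == g {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++)
                if (m[i] != "" && !(m[i] in local_user))
                    print m[i]
        }
    ' "$passwd_file" "$group_file"
}

# Constructed sample data: alice is a local account, jdoe exists only in the
# central directory but has been added to the local lp group.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' \
        'root:x:0:0:root:/root:/bin/bash' \
        'alice:x:1000:1000::/home/alice:/bin/bash' > "$tmp/passwd"
    printf '%s\n' \
        'lp:x:7:alice,jdoe' \
        'mock:x:135:jdoe' > "$tmp/group"
    nonlocal_members lp "$tmp/group" "$tmp/passwd"
    rm -rf "$tmp"
}

demo
```

Run against the real files with `nonlocal_members lp`; names it prints are group members resolved from somewhere other than the local passwd file, so local privilege granted this way is not visible from the central directory.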