Over the past month, I rearranged my local systems for our collaboration environment. The essence of the work is to combine employee identities (defined in AD) with identities for external users (defined in FreeIPA), massage them so that they look the same, and export them to every posix desktop and web application I support.
Defining cross-domain posix groups is included, and was successfully performed, but sssd doesn't have a vocabulary to describe a merged domain (one identity provider, multiple auth providers). Still trying to figure out if I can force this to work somehow. The activity may shine a light on some of the things "views" might be required to do. http://www.freeipa.org/page/V4/Use_Case_for_Views:_Collaboration Enjoy, Bryce This electronic message contains information generated by the USDA solely for the intended recipients. Any unauthorized interception of this message or the use or disclosure of the information it contains may violate the law and subject the violator to civil or criminal penalties. If you believe you have received this message in error, please notify the sender and delete the email immediately.
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project