Hi List

Currently I have a stable trust relationship going between IPA and Windows
AD. I create users and manage passwords in AD, but want to manage the rest
in IPA, "the rest" being default shell, default home directory settings,
RBAC, HBAC, Selinux  etc ..

What I'm expecting it to be able to log into the FreeIPA web interface, and
see a synched list of users created in AD appear in the interface, after
which I can modify the settings on a per user basis.

If that level of granularity is not possible, I would then expect to be
able to at least apply an IPA-imposed set of account defaults on and AD
user group:

- default shell
- HBAC rules
- Sudo rules
- SELinux rules

Is this possible with FreeIPA? I can't find anything coherent in the
documentation that describes an effective way of managing the POSIX
attributes of AD users in FreeIPA.

Thanks in advance!
Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project

Reply via email to