Hi List Currently I have a stable trust relationship going between IPA and Windows AD. I create users and manage passwords in AD, but want to manage the rest in IPA, "the rest" being default shell, default home directory settings, RBAC, HBAC, Selinux etc ..
What I'm expecting it to be able to log into the FreeIPA web interface, and see a synched list of users created in AD appear in the interface, after which I can modify the settings on a per user basis. If that level of granularity is not possible, I would then expect to be able to at least apply an IPA-imposed set of account defaults on and AD user group: - default shell - HBAC rules - Sudo rules - SELinux rules - RBAC Is this possible with FreeIPA? I can't find anything coherent in the documentation that describes an effective way of managing the POSIX attributes of AD users in FreeIPA. Thanks in advance! Traiano
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
