On Mon, Nov 23, 2015 at 10:54:03AM +0100, Martin Kosek wrote:
> On 11/23/2015 10:50 AM, Winfried de Heiden wrote:
> > Hi all,
> > For some reason, we only want to use the Active Directory user from an
> > Active
> > Directory using a Trust. (groups like "Domain Users" are of no use...)
> > Is it possible to ignore (hide) ALL groups from a particular Domain (trust)/
> > Kinds Regards,
> > Winny
> This looks as a question for the client part (SSSD). I do not fully understand
> the use case, you want to allow AD user to authenticate to Linux box, but you
> do not want the Linux box to see any of the AD groups? What is the motivation,
> if I may ask?
I don't think this is possible, at least not until there would be a
separate subdomain configuration. At the moment, most of the subdomain
configuration is just the defaults.
But I don't see the reason either, at most the groups would be able to
own resources on IPA-managed boxes..
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project