On Mon, Nov 23, 2015 at 10:54:03AM +0100, Martin Kosek wrote:
> On 11/23/2015 10:50 AM, Winfried de Heiden wrote:
> > Hi all,
> > 
> > For some reason, we only want to use the Active Directory user from an 
> > Active 
> > Directory using a Trust. (groups like "Domain Users"  are of no use...)
> > 
> > Is it possible to ignore (hide) ALL groups from a particular Domain (trust)/
> > 
> > Kinds Regards,
> > 
> > Winny
> 
> This looks as a question for the client part (SSSD). I do not fully understand
> the use case, you want to allow AD user to authenticate to Linux box, but you
> do not want the Linux box to see any of the AD groups? What is the motivation,
> if I may ask?
> 

I don't think this is possible, at least not until there would be a
separate subdomain configuration. At the moment, most of the subdomain
configuration is just the defaults.

But I don't see the reason either, at most the groups would be able to
own resources on IPA-managed boxes..

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to