On Mon, Nov 23, 2015 at 10:54:03AM +0100, Martin Kosek wrote: > On 11/23/2015 10:50 AM, Winfried de Heiden wrote: > > Hi all, > > > > For some reason, we only want to use the Active Directory user from an > > Active > > Directory using a Trust. (groups like "Domain Users" are of no use...) > > > > Is it possible to ignore (hide) ALL groups from a particular Domain (trust)/ > > > > Kinds Regards, > > > > Winny > > This looks as a question for the client part (SSSD). I do not fully understand > the use case, you want to allow AD user to authenticate to Linux box, but you > do not want the Linux box to see any of the AD groups? What is the motivation, > if I may ask? >
I don't think this is possible, at least not until there would be a separate subdomain configuration. At the moment, most of the subdomain configuration is just the defaults. But I don't see the reason either, at most the groups would be able to own resources on IPA-managed boxes.. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
