On 05/31/2013 09:37 AM, Sumit Bose wrote: > On Fri, May 31, 2013 at 06:52:27AM +0000, Ondrej Valousek wrote: >> Hi List, >> >> I have a question - is it possible to use AD trust the way that: >> 1. All users are stored in AD >> 2. All Unix specific information (automount maps, sudo rules, HBAC rules) >> are stored in IPA? > > Yes, sudo and HBAC for sure, I haven't tested automount maps but so far > I can see no issues. > >> >> If yes then: >> 1. Will this scenario honour the RFC2307 user attributes in AD? > > We are trying to support RFC2307 attributes in AD with the next releases > for SSSD and FreeIPA. Currently only algorithmic IP mapping based on the > AD user's RID is available.
Ondreji, this is by the way the upstream ticket under which this feature is being implemented (in case you want to follow it): https://fedorahosted.org/freeipa/ticket/2904 There are other tickets targeted on AD cooperation in FreeIPA 3.3 release (https://fedorahosted.org/freeipa/report/3), you may also want to check that they address your needs (and provide comments if they don't). We are still in a design phase, so some amendments are possible. Thanks, Martin _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users