On Sun, May 05, 2019 at 04:11:34PM -0000, soham chakraborty wrote:
> Hi,
> 
> I have a requirement where human users will be logging in with their AD 
> accounts. However, there are some applications that create local user and 
> group and at times, the AD users may need to work on the application, 
> view/edit files owned by the application user/group, run programs etc. 
> Therefore we need to create some sort of mapping between the AD users and the 
> local group.
> 
> After coming through this mailing list, I realized that the recommendation is 
> to add the remote AD users into the local group by way of modifying 
> /etc/group file. What I am wondering is that, is this the only way to solve 
> the problem or is there any other way (presumably better way) to handle this? 
> 
> I am using Puppet already. Therefore I think I may use the augeas provider to 
> edit /etc/group file to add the users. I also need to devise a way so that 
> users can be deleted from /etc/group easily in an automated fashion. Has 
> anyone got any tips under their sleeve that can be used to roll out this 
> feature in a lot of servers? 

If you can ensure that the remote group and the local group will always
have the same name and GID, then perhaps you could use:
    https://sourceware.org/glibc/wiki/Proposals/GroupMerging
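
The reply above makes identical name and GID a precondition for group merging. The following check is an added example, not part of the original message or of glibc/SSSD: it compares group(5)-format text such as the output of `getent -s files group` and `getent -s sss group`. The group names, GIDs and members are constructed, and the union it reports is the combined membership one would expect from merging, stated here as an assumption.

```python
# Added example: pre-flight check before enabling glibc group merging
# (nsswitch.conf: "group: files [SUCCESS=merge] sss").
# Input format is group(5): name:passwd:gid:member,member
# All sample data below is constructed for illustration.

LOCAL_SAMPLE = """\
appsvc:x:1500:appuser
batch:x:1501:batchuser
reports:x:1502:
"""

REMOTE_SAMPLE = """\
appsvc:*:1500:alice@ad.example,bob@ad.example
batch:*:20001:carol@ad.example
rpt:*:1502:dave@ad.example
"""

def parse_group_lines(text):
    """Parse group(5)-format lines into {name: (gid, [members])}."""
    groups = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 4:
            raise ValueError(f"malformed group line: {raw!r}")
        name, _passwd, gid, members = fields
        groups[name] = (int(gid), [m for m in members.split(",") if m])
    return groups

def check_mergeable(local_text, remote_text):
    """Return (merged_members, conflicts) for groups present remotely."""
    local = parse_group_lines(local_text)
    remote = parse_group_lines(remote_text)
    local_by_gid = {gid: name for name, (gid, _) in local.items()}
    merged, conflicts = {}, []
    for name, (rgid, rmembers) in remote.items():
        if name in local:
            lgid, lmembers = local[name]
            if lgid != rgid:  # same name, different GID: precondition fails
                conflicts.append(f"{name}: local GID {lgid} != remote GID {rgid}")
            else:             # same name and GID: expected combined membership
                merged[name] = sorted(set(lmembers) | set(rmembers))
        elif rgid in local_by_gid:  # same GID under a different name
            conflicts.append(f"GID {rgid}: local '{local_by_gid[rgid]}' vs remote '{name}'")
    return merged, conflicts

if __name__ == "__main__":
    print(check_mergeable(LOCAL_SAMPLE, REMOTE_SAMPLE))
```

Any entry in the conflict list means the local and remote definitions have to be reconciled before the merge action is rolled out to that host.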