On Wed, 26 Sep 2018, Peter Tselios via FreeIPA-users wrote:
Thanks, this example talks about winsync-synchronised users. This is not
using trust to AD functionality but rather represents AD users as native
IPA users with some additional attributes/object classes.
Example:
AD Group: External Consultants (I don't have the LDAP entry at the moment).
IdM Sudoers: Sudoers
I'll point you to my previous answers on this topic:
https://www.redhat.com/archives/freeipa-users/2014-March/msg00295.html
https://www.redhat.com/archives/freeipa-users/2016-October/msg00083.html
If you want to add sudo rules for AD users then you shouldn't use
automember rules. You just add sudo rules for a POSIX group that
includes an external group for these AD users. This would be a static rule.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
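
The static rule described in the reply above, sketched as an added example (not part of the original message and not Red Hat's own script): an external group wraps the AD group, a POSIX group nests it, and the sudo rule is bound to the POSIX group. The AD domain, both IPA group names, the host group and the command are assumptions; "External Consultants" and "Sudoers" come from the thread, with "Sudoers" assumed here to be the sudo rule name.

```shell
#!/bin/sh
# Added example: static sudo rule for AD users reached through a trust.
# From the thread: AD group "External Consultants", name "Sudoers".
# Constructed/hypothetical: AD domain, IPA group names, host group, command.
AD_GROUP='External Consultants@ad.example.test'  # constructed AD domain
EXT_GROUP='ad_consultants_external'              # hypothetical external (non-POSIX) group
POSIX_GROUP='ad_consultants'                     # hypothetical POSIX group
SUDO_RULE='Sudoers'
HOSTGROUP='webservers'                           # hypothetical, must already exist
SUDO_CMD='/usr/bin/systemctl restart httpd'      # hypothetical command

# Print each command by default; APPLY=1 runs it (needs an admin Kerberos ticket).
run() {
    if [ "${APPLY:-0}" = 1 ]; then
        "$@"
    else
        printf '+'; printf " '%s'" "$@"; printf '\n'
    fi
}

# The AD group must carry its domain (name@domain or DOMAIN\name).
qualified() {
    case $1 in
        *@?*|*?\\?*) return 0 ;;
        *) return 1 ;;
    esac
}

setup_ad_sudo() {
    qualified "$AD_GROUP" || { echo "AD group needs a domain: $AD_GROUP" >&2; return 1; }
    # 1. External group holds the AD group (ipa may prompt for other members; leave blank).
    run ipa group-add --external "$EXT_GROUP" --desc 'AD External Consultants (external)'
    run ipa group-add-member "$EXT_GROUP" --external "$AD_GROUP"
    # 2. POSIX group nests the external group.
    run ipa group-add "$POSIX_GROUP" --desc 'AD External Consultants (POSIX)'
    run ipa group-add-member "$POSIX_GROUP" --groups "$EXT_GROUP"
    # 3. Static sudo rule, scoped to one host group and one command,
    #    bound to the POSIX group. No automember rule is involved.
    run ipa sudocmd-add "$SUDO_CMD"
    run ipa sudorule-add "$SUDO_RULE"
    run ipa sudorule-add-host "$SUDO_RULE" --hostgroups "$HOSTGROUP"
    run ipa sudorule-add-allow-command "$SUDO_RULE" --sudocmds "$SUDO_CMD"
    run ipa sudorule-add-user "$SUDO_RULE" --groups "$POSIX_GROUP"
}

setup_ad_sudo
```

Run as-is to review the planned commands; set `APPLY=1` on an enrolled host to execute them, then confirm on a client with `sudo -l -U` for one of the AD users.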