[Freeipa-users] Re: Automatic Group Membership for AD Users

On ke, 26 syys 2018, Peter Tselios via FreeIPA-users wrote: Thanks, this example talks about winsync-synchronised users. This is not using trust to AD functionality but rather represents AD users as native IPA users with some additional attributes/object classes. I'll point you to my previous answers on this topic: https://www.redhat.com/archives/freeipa-users/2014-March/msg00295.html https://www.redhat.com/archives/freeipa-users/2016-October/msg00083.html If you want to add sudo rules for AD users then you shouldn't use automember rules. You just add sudo rules for a POSIX group that includes external group for these AD users. This would be a static rule. -- / Alexander Bokovoy Sr. Principal Software Engineer Security / Identity Management Engineering Red Hat Limited, Finland