Hi All,

I’m to set up FreeIPA in my organization to be the central directory for users/groups/SSH keys and maybe sudo rules. All the users and groups are already present in Windows Active Directory.

So far I’ve tried setting up AD Trust, but this does not get the users in AD to log in to the web UI of FreeIPA. I have looked at PassSync as well, but as per the docs only users will be synced, and that too only on a password change, and groups won’t be.

To give you more details, below is my use case.

  1. The users and groups are in AD.
  2. A user in AD should be able to log in to the FreeIPA web UI using their AD password and manage their SSH keys.
  3. Groups in AD should be reflected in FreeIPA.

I’d appreciate it if anyone can point me in the right direction.

Regards.

--Prashant