Prevent domain-local groups from being mapped at all - FreeIPA-users - Fedora mailing-lists

List overview All Threads
Download

Prevent domain-local groups from being mapped at all

SMB share with IPA ID Views user...

Ranger FreeIPA Integration

Ronald Wimmer

24 Jun 2024 24 Jun '24

5:43 a.m.

Is there a way for preventing AD domain-local groups from being mapped into IPA? From time to time colleagues try to use AD groups with scope 'domain local'. Personally, I do not see a use case for these groups mapped into IPA...

Cheers, Ronald

Reply

Show replies by date

Alexander Bokovoy

24 Jun 24 Jun

6:01 a.m.

New subject: Prevent domain-local groups from being mapped at all

On Пан, 24 чэр 2024, Ronald Wimmer via FreeIPA-users wrote:

Is there a way for preventing AD domain-local groups from being mapped into IPA? From time to time colleagues try to use AD groups with scope 'domain local'. Personally, I do not see a use case for these groups mapped into IPA...

There is no way to prevent those, at least right now. SSSD does not give us a type of a group when group is requested.

-- / Alexander Bokovoy Sr. Principal Software Engineer Security / Identity Management Engineering Red Hat Limited, Finland

Reply

6

Age (days ago)

6

Last active (days ago)

freeipa-users@lists.fedorahosted.org

1 comments

2 participants

tags (0)

participants (2)

Alexander Bokovoy
Ronald Wimmer