Is there a way for preventing AD domain-local groups from being mapped into IPA? From time to time colleagues try to use AD groups with scope 'domain local'. Personally, I do not see a use case for these groups mapped into IPA...
Cheers, Ronald
On Пан, 24 чэр 2024, Ronald Wimmer via FreeIPA-users wrote:
Is there a way for preventing AD domain-local groups from being mapped into IPA? From time to time colleagues try to use AD groups with scope 'domain local'. Personally, I do not see a use case for these groups mapped into IPA...
There is no way to prevent those, at least right now. SSSD does not give us a type of a group when group is requested.
freeipa-users@lists.fedorahosted.org