Hi everyone,
first post, hope the question is not too dumb and this is the right list.
I’m trying to use IPA in the way the RHEL Windows Integration Guide describes it in the
one-way-trust setup (indirect integration, using AD for auth, IPA for policies).
However, I’m hitting a wall since at one point you have to provide AD Admin credentials
(setting up the agreement) which I don’t have/won’t have.
Question: Are there other ways to get the (almost) same result w/o having admin access to
AD?
* Some 2 years back Dmitri Dal made a comment here which seems to point into that
direction
https://pagure.io/freeipa/issue/4546
but I wasn’t able to find anything in the official documentation or elsewhere and that
issue has been closed as fixed.
As of now I only see recreating all the users/groups from AD in IPA w/o any connectivity
in between as one option, which would be ok but not very elegant
and users have to deal with another password.
Is it possible to use SSSD with AD as auth/idprovider and IPA for policies (something like
shown in the modern integration option image here
but with policies fetched from IPA:
http://rhelblog.redhat.com/2015/02/04/overview-of-direct-integration-opti...
thanks,
jgeo