Hi all, "hy are you concerned about this in the first place? " It started from a practical point of view: if one is using the DC of the Office Automation, Ad users will get all sorts of AD groups I am never going to use. so why do I want to see them anyway? My screen get's a bit messy as for "u...@ad.example.com" when this user belongs tot 25 or something groups... It would be nice to hide these... Can I blacklist some of the groups? (Trusts --> ad.example.com --> Settings) by using the SID? Winny Op 10-02-16 om 09:42 schreef Jakub
Hrozek:
On Tue, Feb 09, 2016 at 11:58:46AM +0100, Winfried de Heiden wrote:Hi all,Using an Active Directory Trust with IPA all works fine but there's an disadvantage: it might brong in lots and lots of groups I am not interested in since it mainly hit Windows and/or Office stuff.Why are you concerned about this in the first place? Is it about performance needed to process these groups or about resources that can be owned by these groups?Now, is it possible to filter AD-groups? or: can I use an AD search base filter? (something like cn=linuxgroups,ou=allgroups,dc=example,dc=com)Not at the moment, the subdomains are autoconfigured and not configurable.On a small scale ID views can be used, but it not a great solution. (for all new groups appearing in AD the ID view must be modified) Some sugestions or documentation on filtering AD groups? Winny-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project |
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project