[Freeipa-users] Are there active plans to allow AD trust users to login to the FreeIPA webUI?
We have all of our users in a trusted Active Directory domain and it would be nice to allow them to administer our DNS using their AD accounts. I tried creating a group called DNS administrators and assigning it the DNS administrator privilege and then adding my ad_domain_admin group (containing the nested external group containing my ad groups), but when I try to login to the webui it denies me access. I see a ticket here regarding allowing this : https://fedorahosted.org/freeipa/ticket/3242 It doesn't look like anything has happened on that ticket in the last 15 months though. Any idea if / when this will be implemented? -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] Are there active plans to allow AD trust users to login to the FreeIPA webUI?
On 05/08/2015 12:25 PM, nat...@nathanpeters.com wrote: We have all of our users in a trusted Active Directory domain and it would be nice to allow them to administer our DNS using their AD accounts. I tried creating a group called DNS administrators and assigning it the DNS administrator privilege and then adding my ad_domain_admin group (containing the nested external group containing my ad groups), but when I try to login to the webui it denies me access. I see a ticket here regarding allowing this : https://fedorahosted.org/freeipa/ticket/3242 It doesn't look like anything has happened on that ticket in the last 15 months though. Any idea if / when this will be implemented? There are no current plans. It is quite complex as we need to have a ticket for the user for ldap server to have this functionality enabled. This is the first time anyone from the community actually requested this feature. I think for the future planning it would be best if you can comment in the ticket and add your justification. We will consider it in the next planning cycle. -- Thank you, Dmitri Pal Director of Engineering for IdM portfolio Red Hat, Inc. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project Ok, thanks. I've updated the ticket with my justification for continuing work on this feature: https://fedorahosted.org/freeipa/ticket/3242#comment:12 -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] Are there active plans to allow AD trust users to login to the FreeIPA webUI?
On 05/08/2015 01:24 PM, nat...@nathanpeters.com wrote: On 05/08/2015 12:25 PM, nat...@nathanpeters.com wrote: We have all of our users in a trusted Active Directory domain and it would be nice to allow them to administer our DNS using their AD accounts. I tried creating a group called DNS administrators and assigning it the DNS administrator privilege and then adding my ad_domain_admin group (containing the nested external group containing my ad groups), but when I try to login to the webui it denies me access. I see a ticket here regarding allowing this : https://fedorahosted.org/freeipa/ticket/3242 It doesn't look like anything has happened on that ticket in the last 15 months though. Any idea if / when this will be implemented? There are no current plans. It is quite complex as we need to have a ticket for the user for ldap server to have this functionality enabled. This is the first time anyone from the community actually requested this feature. I think for the future planning it would be best if you can comment in the ticket and add your justification. We will consider it in the next planning cycle. -- Thank you, Dmitri Pal Director of Engineering for IdM portfolio Red Hat, Inc. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project Ok, thanks. I've updated the ticket with my justification for continuing work on this feature: https://fedorahosted.org/freeipa/ticket/3242#comment:12 Thank you! Much appreciated. -- Thank you, Dmitri Pal Director of Engineering for IdM portfolio Red Hat, Inc. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project