#2149 [RFE] When trusts are anabled allow an AD user to access and manage IPA
Opened 7 years ago by dpal. Modified 2 years ago

Use case:

  1. User is on Windows system which is a part of the AD domain
  2. User authenticated against AD and has TGT
  3. AD and IPA trust each other
  4. User starts IE on his system and points to IPA UI
  5. User is able to manage IPA if he is a member of an administrative group

Something like this would probably require a remapping of the identities received from AD and ticket to the local accounts. It is unclear if it can be done in a non "fragile" way.

Patch for this RFE is on the devel list.

Moving to needs_triage

Prerequisite for the feature was pushed:


  • b506fd1 adtrust: support GSSAPI authentication to LDAP as Active Directory user

Moving to 4.5 but some preparation work, e.g. a crude preview, may land in 4.4.x if implemented. If so then a new 4.4.x ticket would be needed for that.

Metadata Update from @dpal:
- Issue assigned to rcritten
- Issue set to the milestone: FreeIPA 4.5 backlog

2 years ago

Login to comment on this ticket.