Currently FreeIPA supports adding 'external members' to special groups in order to map external users coming from trust relationships to FreeIPA groups. This is used primarily to build the MS-PAC for filesystem access purposes. We should make sure we can use the same method for HBAC, sudo and eventually netgroup objects in order to better integrate authorization of users from trusted realms.
This would be greatly appreciated. It is quite the pain to create the external and local groups for each user in order to reference them in HBAC rules.
Metadata Update from @simo: - Issue assigned to someone - Issue set to the milestone: Ticket Backlog