#4445 [RFE] Provide a way to manage groups by the external provisioning system
Opened 9 years ago by dpal. Modified 7 years ago

In ticket #3813 we allow an external system to manage the user life cycle. In another ticket, #3911, we allow an external system to manage IPA users via LDAP. What is missing is a way for the external system to manage groups and user membership via LDAP.

  1. We need to see if we can just advise people to create groups via LDAP. If not, we probably need to allow something similar to staging for groups. Maybe the external system will create LDAP entries in the same staging area that will then be properly converted?
  2. We need to figure out how the external system would be able to add/remove users from groups.

There are some IAM systems (Oracle, IBM) that do the group and group membership management, so we need to cover that part too.


We still need to decide whether this falls in FreeIPA 4.2 or 4.3 time scope. Moving to 4.2 and assigning to Thierry for now.

FreeIPA 4.2 was already shaped (see the FreeIPA 4.2 milestone); this does not fit. Pushing out.

If anyone is willing to help and contribute to this one, please let us know!

Metadata Update from @dpal:
- Issue assigned to tbordaz
- Issue set to the milestone: FreeIPA 4.5 backlog

7 years ago
