In ticket #3813 we allow an external system to manage the user life cycle. In another ticket, #3911, we allow an external system to manage IPA users via LDAP. What is missing is a way for the external system to manage groups and user membership via LDAP.
There are some IAM systems (Oracle, IBM) that do the group and group membership management so we need to cover that part too.
We still need to decide whether this falls in FreeIPA 4.2 or 4.3 time scope. Moving to 4.2 and assigning to Thierry for now.
FreeIPA 4.2 was already shaped (see the [[milestone:FreeIPA 4.2]] milestone); this does not fit. Pushing out.
If anyone is willing to help and contribute to this one, please let us know!
Metadata Update from @dpal: - Issue assigned to tbordaz - Issue set to the milestone: FreeIPA 4.5 backlog