Hi,
At first I've just created an external group, added the user, and
added that group to a role but that didn't work. Then I stumbled
across this while googling:
ipa idoverrideuser-add 'Default Trust View' username@DOMAIN
And it works, the user can use IPA commands with AD kerberos ticket
and roles apply properly. But I cannot for the life of me figure out
what that did and are there any other consequences.
Documentation talks about using ID views to override user properties
but this doesn't specify any properties to override. Also, it says the
view is applied to all AD users, but in that case why do I need to run
that command?
Cheers,
Yuriy