On ke, 27 tammi 2021, Dirk Streubel via FreeIPA-users wrote:
Hello Alexander,
will this Version available in Fedora 33 or only in Rawhide?
I am planning to update Rawhide first and then F33 later this week.
See you
Dirk
Am 27.01.2021 10:48 schrieb Alexander Bokovoy via FreeIPA-users:
>On ke, 27 tammi 2021, Ronald Wimmer via FreeIPA-users wrote:
>>On 27.01.21 10:11, Alexander Bokovoy via FreeIPA-users wrote:
>>>The FreeIPA team would like to announce FreeIPA 4.9.1 release!
>>>
>>>It can be downloaded from
http://www.freeipa.org/page/Downloads.
>>>Builds
>>>for Fedora distributions will be available from the official
>>>repository
>>>soon.
>>>
>>>== Highlights in 4.9.1
>>>
>>>* 3226: [RFE] ipa sudorule-add-user should accept more types of
>>>characters
>>>
>>> IPA now supports users and groups from trusted Active Directory
>>> domains in SUDO rules to specify runAsUser/runAsGroup properties
>>> without an intermediate non-POSIX group membership
>>
>>This means the right way to map an AD group would now be creating
>>a POSIX group that has the AD group as its direct member?
>
>No. The way to include AD users/groups into POSIX groups did not change
>at all.
>
>>Is an intermediate non-POSIX group still needed for HBAC?
>
>Correct.
>
>What changed is that for SUDO rules (and SUDO rules alone) there is a
>way to include AD users/groups into the SUDO rules directly.
>
>The design document explains it in more details:
>https://freeipa.readthedocs.io/en/latest/designs/adtrust/sudorules-with-ad-objects.html
>
>There is one bug right now in SSSD with runAsGroup handling. It will be
>fixed in RHEL 8.4 and CentOS 8 Stream (and Fedora next week, I've been
>told).
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland