On Wed, 26 Sep 2018, Peter Tselios via FreeIPA-users wrote:
> Of course!
> Reference: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/htm... (Example 13.6)

Thanks, this example talks about winsync-synchronised users. This is not using trust to AD functionality but rather represents AD users as native IPA users with some additional attributes/object classes.

> Example: AD Group: External Consultants (I don't have the LDAP entry at the moment). IdM Sudoers: Sudoers

I'll point you to my previous answers on this topic:
https://www.redhat.com/archives/freeipa-users/2014-March/msg00295.html
https://www.redhat.com/archives/freeipa-users/2016-October/msg00083.html

If you want to add sudo rules for AD users, then you shouldn't use automember rules. You just add sudo rules for a POSIX group that includes an external group for these AD users. This would be a static rule.
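
The static setup described in the reply above, sketched as an added example that is not part of the original message or FreeIPA's own code. The NetBIOS prefix `AD`, the IPA group names and the sudo rule name are assumptions chosen for illustration; it defaults to a dry run that only prints the `ipa` commands.

```shell
#!/bin/sh
# Static sudo access for a trusted-AD group (no automember rules):
#   AD group -> IPA external group -> IPA POSIX group -> sudo rule.
# A real run (DRY_RUN=0) needs a valid admin Kerberos ticket (kinit admin).
DRY_RUN=${DRY_RUN:-1}

# Run a command, or in dry-run mode print it with every argument quoted.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        line=
        for a in "$@"; do line="$line${line:+ }'$a'"; done
        printf '%s\n' "$line"
    else
        "$@"
    fi
}

# grant_ad_group_sudo AD_GROUP EXTERNAL_GROUP POSIX_GROUP SUDO_RULE
grant_ad_group_sudo() {
    if [ $# -ne 4 ]; then
        echo "usage: grant_ad_group_sudo AD_GROUP EXT_GROUP POSIX_GROUP RULE" >&2
        return 2
    fi
    for v in "$@"; do
        [ -n "$v" ] || { echo "empty argument" >&2; return 2; }
    done
    ad_group=$1 ext_group=$2 posix_group=$3 rule=$4

    # 1. Non-POSIX external group that holds the AD group's SID.
    run ipa group-add "$ext_group" --external || return 1
    run ipa group-add-member "$ext_group" --external "$ad_group" || return 1
    # 2. POSIX group that nests the external group.
    run ipa group-add "$posix_group" || return 1
    run ipa group-add-member "$posix_group" --groups "$ext_group" || return 1
    # 3. Sudo rule bound to the POSIX group. Hosts and allowed commands
    #    still have to be attached to the rule according to local policy.
    run ipa sudorule-add "$rule" || return 1
    run ipa sudorule-add-user "$rule" --groups "$posix_group"
}

# Constructed sample values; only the AD group name comes from the thread.
grant_ad_group_sudo 'AD\External Consultants' \
    ad_consultants_external ad_consultants consultants_sudo
```

Review the printed commands first, then rerun with `DRY_RUN=0` to apply them.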