Hello Alexander,
will this Version available in Fedora 33 or only in Rawhide?
See you
Dirk
Am 27.01.2021 10:48 schrieb Alexander Bokovoy via FreeIPA-users:
> On ke, 27 tammi 2021, Ronald Wimmer via FreeIPA-users wrote:
>> On 27.01.21 10:11, Alexander Bokovoy via FreeIPA-users wrote:
>>> The FreeIPA team would like to announce FreeIPA 4.9.1 release!
>>>
>>> It can be downloaded from
http://www.freeipa.org/page/Downloads.
>>> Builds
>>> for Fedora distributions will be available from the official
>>> repository
>>> soon.
>>>
>>> == Highlights in 4.9.1
>>>
>>> * 3226: [RFE] ipa sudorule-add-user should accept more types of
>>> characters
>>>
>>> IPA now supports users and groups from trusted Active Directory
>>> domains in SUDO rules to specify runAsUser/runAsGroup properties
>>> without an intermediate non-POSIX group membership
>>
>> This means the right way to map an AD group would now be creating a
>> POSIX group that has the AD group as its direct member?
>
> No. The way to include AD users/groups into POSIX groups did not change
> at all.
>
>> Is an intermediate non-POSIX group still needed for HBAC?
>
> Correct.
>
> What changed is that for SUDO rules (and SUDO rules alone) there is a
> way to include AD users/groups into the SUDO rules directly.
>
> The design document explains it in more details:
>
https://freeipa.readthedocs.io/en/latest/designs/adtrust/sudorules-with-a...
>
> There is one bug right now in SSSD with runAsGroup handling. It will be
> fixed in RHEL 8.4 and CentOS 8 Stream (and Fedora next week, I've been
> told).