Hi folks,
I've got a three-node replicating FreeIPA cluster running in AWS with a
one-way trust to an Active Directory domain.
Things work well with respect to user overrides and RBAC rules affecting
client machines but I can't for the life of me figure out the order of
operations for allowing a couple of external AD users to have admin
access to the FreeIPA webUI itself.
There are 3 AD users I'd like to give WebUI admin access to.
So far I've tried the standard stuff I've used for non-IPA clients:
1) make group "corp_admins_external" populated with external
"username@domain.com" identities
2) Make group "corp_admins_posix" populated with the
corp_admins_external group
3) Added corp_admins_posix group to the admin group
Best I've been able to do so far is give myself login access to just the
user self-service page and even then that failed until
oddjob-mkhomedir() was running and enabled under authconfig.
Is there a guide or a documentation set specific to granting admin
access to the webUI for forms-based login users?
Thanks!
Chris