Hi,
I am looking into migrating an existing deployment of LDAP with hundreds of users and
hundreds of groups into a IPA solution with trust against AD. All users currently exists
with the same names in AD but groups does not, one solution would be adding all those
groups to AD with gidNumber set to only administer the users and groups in AD. External
groups seems to be the solution, but that would require external groups created in the
IPA, I would like to avoid that and have tested with groups only in AD with gidNumber set
and it seems to work, I can at least see the group and SUDO rules works with the group.
So my question is, can you use groups in AD without referencing them in IPA and any please
throw in any other suggestions for trying to have all data in active directory without
having to change anything in the IPA when adding users or groups (or host/netgroups for
that matter)
Thanks
Henrik
Sent from my iPad
Show replies by date