[Freeipa-users] Trying to get my head around Delegating admin permissions and groups
Steven Jones
Steven.Jones at vuw.ac.nz
Tue Mar 27 23:19:35 UTC 2012
8><----
Things you can't easily do are things like "Create a desktop user". You
can't easily do this because the group membership is assigned later.
8><----
yep, tahst OK I think......Users will be created by our useradmins initially, in AD and then IPA if there is a need for a UID/linux login.
Later after I have a one way passsync working I will do a one way winsync agreement such that when the useradmin crates the user in the provisioning system which in turn injects it inot AD that is automatically transmitted to IPA. At that point I would want the desktop admin or useradmin to assign that user to group(s).
At least this is how I think we will be working, hopefully that makes sense.
regards
More information about the Freeipa-users
mailing list