Is there any possibility to use the vault feature for external (AD) users?
Is it true that this feature is only available to native ipa users?
On 30.11.18 09:42, Ronald Wimmer via FreeIPA-users wrote:
Is there any possibility to use the vault feature for external (AD) users? _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
On to, 20 joulu 2018, Ronald Wimmer via FreeIPA-users wrote:
Is it true that this feature is only available to native ipa users?
'ipa help vault' has this description:
--------------------------------------------------------------------
Based on the ownership there are three vault categories: * user/private vault * service vault * shared vault
User vaults are vaults owned used by a particular user. Private vaults are vaults owned the current user. Service vaults are vaults owned by a service. Shared vaults are owned by the admin but they can be used by other users or services.
--------------------------------------------------------------------
As AD users aren't stored in LDAP, they cannot be made owners.
Could you please file a request asking for this support? I have been working on ability to manage FreeIPA as an AD user (see https://github.com/abbra/freeipa-adusers-admins) but it doesn't work magically on all objects and needs a support for multiple sides. In case of vaults, there are implicit internal assumptions that if it is not a service or a shared vault, it is an IPA user.
On 30.11.18 09:42, Ronald Wimmer via FreeIPA-users wrote:
Is there any possibility to use the vault feature for external (AD) users? _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
freeipa-users@lists.fedorahosted.org