13.3.6. Configuring the Red Hat Identity Management Server to Use Cross-Forest Trust

On the Red Hat Identity Management server, configure the server to use cross-forest trust.

Procedure

  1. Enable HBAC:

    1. Create an external group and add the AD group to it.
    2. Add the new external group to a POSIX group.
    3. Use the POSIX group in a HBAC rule.
  2. Configure sssd to transfer additional attributes of AD users.

    • Add the AD user attributes to the nss and domain sections in /etc/sssd/sssd.conf.

      For example:

      [nss]
      user_attributes=+mail, +sn, +givenname
      
      [domain/EXAMPLE]
      ldap_user_extra_attrs=mail, sn, givenname