HBAC rule does not work for AD trust users

Solution Verified - Updated -

Issue

  1. In an IPA-AD trust, the IPA POSIX group is not shown in the output of the id aduser command when group membership for AD users is added as AD user --> AD group --> IPA external group --> IPA POSIX group.

  2. However, in the same IPA-AD trust environment, the IPA POSIX group is shown in the output of the id aduser command when the AD user is added directly to the IPA external group as AD user --> IPA external group --> IPA POSIX group.

  3. This affects the HBAC rule, which should apply to the AD groups and AD users in the first scenario.

Environment

  • IPA-AD trust
