13.3.6. Configuring the Red Hat Identity Management Server to Use Cross-Forest Trust
On the Red Hat Identity Management server, configure the server to use cross-forest trust.
Procedure
Enable HBAC:
- Create an external group and add the AD group to it.
- Add the new external group to a POSIX group.
- Use the POSIX group in an HBAC rule.
Configure sssd to transfer additional attributes of AD users.
Add the AD user attributes to the nss and domain sections in /etc/sssd/sssd.conf. For example:

[nss]
user_attributes=+mail, +sn, +givenname

[domain/EXAMPLE]
ldap_user_extra_attrs=mail, sn, givenname
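
The two settings above have to agree: an attribute listed with `+` in `[nss]` is only available if the domain section also fetches it. The following check is an added example, not part of the original procedure or of SSSD itself. It reports attributes that `[nss]` exposes but a domain does not fetch. The function name `missing_extra_attrs`, the case-insensitive comparison, and the sample configuration are assumptions constructed for illustration.

```python
import configparser

# Constructed sample: [nss] asks for telephoneNumber, which the domain never fetches.
SAMPLE_CONF = """\
[nss]
user_attributes=+mail, +sn, +givenname, +telephoneNumber

[domain/EXAMPLE]
ldap_user_extra_attrs=mail, sn, givenname
"""


def _split(value):
    """Split a comma-separated sssd.conf value into trimmed, non-empty items."""
    return [item.strip() for item in value.split(",") if item.strip()]


def missing_extra_attrs(conf_text):
    """Return {domain section: [attrs added in [nss] but not fetched by that domain]}."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    # "+attr" adds an attribute to the NSS responder's set; "-attr" removes one.
    wanted = [a[1:] for a in _split(cp.get("nss", "user_attributes", fallback=""))
              if a.startswith("+")]
    report = {}
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue
        fetched = set()
        for item in _split(cp.get(section, "ldap_user_extra_attrs", fallback="")):
            # An entry may be "cache_name:ldap_name"; the cache name is what NSS sees.
            fetched.add(item.split(":", 1)[0].strip().lower())
        # Assumption of this example: attribute names are compared case-insensitively.
        missing = [a for a in wanted if a.lower() not in fetched]
        if missing:
            report[section] = missing
    return report


if __name__ == "__main__":
    for section, attrs in missing_extra_attrs(SAMPLE_CONF).items():
        print(f"[{section}] does not fetch: {', '.join(attrs)}")
```

To check a live host, pass the contents of /etc/sssd/sssd.conf to the function in place of the sample text.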