Este conteúdo não está disponível no idioma selecionado.
Chapter 3. How the trust between IdM and AD works
The trust between Identity Management (IdM) and Active Directory (AD) is established on the cross-realm Kerberos trust. This solution uses the Kerberos capability to establish trusts between different identity sources. Therefore, all AD users can:
- Log in to access Linux systems and resources.
- Use single sign-on (SSO).
In the trust relationship, all IdM objects are managed in IdM, while all AD objects are managed in AD.
In complex environments, a single IdM forest can be connected to multiple AD forests. This setup enables better separation of duties for different functions in the organization. AD administrators can focus on users and policies related to users while Linux administrators have full control over the Linux infrastructure. In such a case, the Linux realm controlled by IdM is analogous to an AD resource domain or realm but with Linux systems in it.
From the perspective of AD, Identity Management represents a separate AD forest with a single AD domain. When cross-forest trust is established between an AD forest root domain and an IdM domain, users from the AD forest domains can interact with Linux machines and services from the IdM domain.
In trust environments, IdM enables you to use ID views to configure POSIX attributes for AD users on the IdM server.