IDM-AD Integration - Step by Step
A) DNS Forwarding
1) Active Directory Side - for each IDM server, add a similar entry per server
//Method 1 - Add A records in MS AD to point to IDM:
//Method 2:
2) IDM Side - for each AD server, add a similar entry per server
#vim /etc/named.conf
#dnssec-validation no;
// Restart DNS on IDM:
B) Verification
1) AD Side
2) IDM Side
#ipa-adtrust-install
#ipa trust-add --type=ad example.com --admin administrator
2) Verification
#ipa trustdomain-find example.com
#ipa trust-fetch-domains "example.com"
#kinit administrator@example.com
#ipa config-mod --defaultshell=/bin/bash
a) Add users and groups from the AD trusted domain to an external group in IDM. The external group serves as a container that references trusted-domain users and groups by their security identifiers (SIDs):
//Create external group in IDM for trusted domain admins:
b) Map the external group to an existing POSIX group in IDM. This POSIX group will be assigned a proper group ID (gid) that will be used as the default group for all incoming trusted-domain users mapped to this group.
//Create POSIX group for external ad_admins_external group:
c) Verification
//Try to login using any AD account
#su - EXAMPLE.COM\\administrator
#getent passwd administrator@example.com
#ssh 10.44.129.132 -l administrator@example.com
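Steps a) to c) above collected into one re-runnable script, as an added example that is not part of the original guide. It assumes an existing IdM admin ticket and an established trust to EXAMPLE.COM; the group and user names are placeholders, and `IPA=print_only` previews the ipa command lines instead of running them.

```shell
#!/bin/sh
# Added example, not from the original guide: steps a) to c) above as a
# re-runnable script. Assumes an IdM admin ticket (kinit admin) and an
# established trust to EXAMPLE.COM; group and user names are placeholders.
set -eu

AD_DOMAIN="${AD_DOMAIN:-EXAMPLE.COM}"          # trusted AD domain (placeholder)
AD_GROUP="${AD_GROUP:-Domain Admins}"          # AD group to map (placeholder)
AD_USER="${AD_USER:-administrator@example.com}" # AD user for the final check
EXT_GROUP="${EXT_GROUP:-ad_admins_external}"   # external (SID-only) IdM group
POSIX_GROUP="${POSIX_GROUP:-ad_admins}"        # IdM POSIX group that carries the gid
IPA="${IPA:-ipa}"                              # IPA=print_only previews the commands

# Dry-run stand-in for ipa: prints the command line instead of executing it.
print_only() { printf '%s\n' "$*"; }

# Step a) create the external group and add the AD group to it; IdM resolves
# the name through the trust and stores the group's SID.
create_external_group() {
  "$IPA" group-add --desc="$AD_DOMAIN admins (external map)" "$EXT_GROUP" --external
  "$IPA" group-add-member "$EXT_GROUP" --external "$AD_DOMAIN\\$AD_GROUP"
}

# Step b) create the POSIX group (IdM assigns its gid) and nest the external
# group inside it, so the mapped trusted users pick up the POSIX gid.
map_to_posix_group() {
  "$IPA" group-add --desc="$AD_DOMAIN admins" "$POSIX_GROUP"
  "$IPA" group-add-member "$POSIX_GROUP" --groups "$EXT_GROUP"
}

# Step c) check: $1 is the output of `id user@domain`, $2 the POSIX group name.
# Succeeds only when "(group)" appears in the resolved group list.
id_lists_group() {
  case "$1" in
    *"($2)"*) return 0 ;;
    *)        return 1 ;;
  esac
}

# Apply for real only when asked; sourcing or testing leaves IdM untouched.
if [ "${1:-}" = "--apply" ]; then
  create_external_group
  map_to_posix_group
  if id_lists_group "$(id "$AD_USER")" "$POSIX_GROUP"; then
    echo "ok: $AD_USER resolves to $POSIX_GROUP"
  else
    echo "FAIL: $POSIX_GROUP missing for $AD_USER (check SSSD cache / group nesting)" >&2
    exit 1
  fi
fi
```

Run with `--apply` on the IdM server to create the groups; without it, only the functions are defined so the script can be sourced and the check reused against any `id` output.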