psor...@gmail.com writes:
> how can I configure PrivacyIDEA so that some users from certain AD group
> have administrator rights?
I do run privacyidea against FreeIPA, but the idea should work for AD as
well (modulo attribute names).
I have two LDAP resolvers, one for all users and one for admins.
The only difference is the searchfilter:
(memberof=cn=admins,cn=groups,cn=accounts,dc=example,dc=org)
The admin resolver is used in the admin domain, so when I log in as
jochen@admin I have admin rights, but
joc...@example.org is a plain
user.
Jochen
--
The only problem with troubleshooting is that the trouble shoots back.