path: root/daemons/ipa-kdb/ipa_kdb_mspac.c
author: Martin Kosek <mkosek@redhat.com> 2013-01-18 17:38:15 +0100
committer: Martin Kosek <mkosek@redhat.com> 2013-02-14 08:38:11 +0100
commit: 85d16ad7de4cd52e349ee2a7c8ed9b0d72657d33
tree: 840d0328a475b91eadfef4393307fac602a3bbe3 /daemons/ipa-kdb/ipa_kdb_mspac.c
parent: d79aac855b31523b8dd7efcfd0bea3feb59cdaa0
Add support for AD users to hbactest command

How this works:
1. When a trusted domain user is tested, AD GC is searched for the user entry Distinguished Name
2. The user entry is then read from AD GC and its SID and SIDs of all its assigned groups (tokenGroups attribute) are retrieved
3. The SIDs are then used to search IPA LDAP database to find all external groups which have any of these SIDs as external members
4. All these groups having these groups as direct or indirect members are added to hbactest allowing it to perform the search

LIMITATIONS:
- only Trusted Admins group members can use this function as it uses secret for IPA-Trusted domain link
- List of group SIDs does not contain group memberships outside of the trusted domain

https://fedorahosted.org/freeipa/ticket/2997

Diffstat (limited to 'daemons/ipa-kdb/ipa_kdb_mspac.c')
0 files changed, 0 insertions, 0 deletions
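
Steps 2 to 4 of the commit message, sketched as an added example that is not code from this commit or from FreeIPA: binary SIDs (the form in which AD returns `objectSid` and `tokenGroups` values) are decoded and validated, matched against external group members, and the match is expanded to indirect parent groups. The function names, the in-memory dictionaries standing in for LDAP searches, and all SIDs and group names are constructed for illustration.

```python
import struct

def sid_to_str(raw):
    """Decode a binary SID into its S-R-A-S1-S2... string form."""
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("malformed SID")           # reject before it reaches a search
    authority = int.from_bytes(raw[2:8], "big")     # 48-bit authority, big-endian
    subs = struct.unpack("<%dI" % raw[1], raw[8:])  # 32-bit sub-authorities, little-endian
    return "-".join(["S", str(raw[0]), str(authority)] + [str(s) for s in subs])

def expand_groups(direct, member_of):
    """Step 4: add every group that has a matched group as direct or indirect member."""
    seen, todo = set(), list(direct)
    while todo:
        group = todo.pop()
        if group not in seen:                       # also guards against membership cycles
            seen.add(group)
            todo.extend(member_of.get(group, ()))
    return seen

def hbac_groups(user_sid, token_groups, external_members, member_of):
    """Steps 2-4: user SID plus tokenGroups SIDs -> IPA groups to feed the HBAC test."""
    sids = {sid_to_str(user_sid)} | {sid_to_str(t) for t in token_groups}
    direct = {g for g, members in external_members.items() if sids & members}
    return expand_groups(direct, member_of)

# --- constructed sample data (hypothetical domain SID and group names) ---
def make_sid(*subs, authority=5):
    header = bytes([1, len(subs)]) + authority.to_bytes(6, "big")
    return header + struct.pack("<%dI" % len(subs), *subs)

DOMAIN = (21, 1111111111, 2222222222, 3333333333)
USER_SID = make_sid(*DOMAIN, 1104)
TOKEN_GROUPS = [make_sid(*DOMAIN, 513), make_sid(*DOMAIN, 1120)]
EXTERNAL_MEMBERS = {                                # external group -> member SIDs
    "ad_admins_external": {"S-1-5-21-1111111111-2222222222-3333333333-1120"},
    "other_external": {"S-1-5-21-9-9-9-500"},
}
MEMBER_OF = {"ad_admins_external": ["ad_admins"], "ad_admins": ["all_admins"]}

if __name__ == "__main__":
    print(sorted(hbac_groups(USER_SID, TOKEN_GROUPS, EXTERNAL_MEMBERS, MEMBER_OF)))
```

Because the group list comes only from `tokenGroups`, a membership held outside the trusted domain never appears in `sids`, which is the second limitation the commit message states.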