I have a few Linux servers using SSSD integrated with Microsoft AD to authenticate AD users.
AD groups are managed by a different department and I'd like to set up another directory to manage my own groups, but I can't just get out of the domain.
So, I'm thinking about installing a new OpenLDAP or IPA server to create my own groups, and to come up with a config in my Linux servers, so they would pull identities/groups from AD and from my LDAP at the same time. So if a user exists in both, the group list that the user belongs to, would be a superset comprised of both group lists.
e.g. - Let's say I have a user John that exists in AD and he is included in AD groups: "group1" and "group2". I would create the user (same uid) in my own directory and include him in "group3". So when the user login to my Linux server, he would be in "group1", "group2", and "group3".
How would that be possible?
Thanks in advance.
