example for LDAP integration with Active Directory (#3580)

* example for LDAP integration with Active Directory https://bugzilla.suse.com/show_bug.cgi?id=1233696 SUSE/spacewalk#25863 uyuni-project/uyuni#9597
uyuni-project · Jan 8, 2025 · 7cd2c48 · 7cd2c48
1 parent bccca1e
commit 7cd2c48
Show file tree

Hide file tree

Showing 2 changed files with 64 additions and 9 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,4 +1,9 @@
-- Added external link for creating virtual network peer for Azure in 
+- Added example for LDAP integration with Active Directory in
+  Administration Guide (bsc#1233696)
+- Updated ports listing according to hidden ports file and fixed
+  references in Installation and Upgrade Guide
+- Updated Troubleshooting Autoinstallation in Administration Guide
+- Added external link for creating virtual network peer for Azure in
   Specialized Gudes (bsc#1234441)
 - Clarified SSH authentication methods during Web UI bootstrap process in
   Client Configuration Guide (bsc#1233497)

diff --git a/modules/administration/pages/auth-methods-pam.adoc b/modules/administration/pages/auth-methods-pam.adoc
@@ -16,19 +16,23 @@ PAM is a suite of libraries that allows you to integrate {productname} with a ce
 In usernames, additionally to alphanumeric characters, [literal]``-``, [literal]``_``, [literal]``.``, and [literal]``@`` are allowed.
 ====
 . Check the [guimenu]``Pluggable Authentication Modules (PAM)`` checkbox.
-. Configure SSSD in the container.
-  Connect inside the container using:
+. Configure SSSD in the server container.
+  At the command prompt of the {productname} container host, as root, enter the server container:
 +
+
 ----
 mgrctl term
 ----
-Then change the file
+
+. Inside the container, execute the following steps:
++
+.. Edit [path]``/etc/sssd/sssd.conf`` according to your configuration.
+   For an example, see xref:administration:auth-methods-pam.adoc#auth-methods-pam-ad[].
+.. When done, exit the container:
 +
 ----
-/etc/sssd/sssd.conf
+exit
 ----
-+
-. Set [literal]``krb5_keytab`` in ``domain/$domain`` to [literal]``/etc/sssd/krb5.keytab``
 . Restart {productname} using:
 +
 ----
@@ -46,6 +50,52 @@ Use the password change mechanism of your network service to change the password
 ====
 
 
-For more information about configuring PAM, the SUSE Linux Enterprise Server Security Guide contains a generic example that also works for other network-based authentication methods.
-It also describes how to configure an active directory service.
+For more information about PAM configuration, see the {sles} Security Guide. The Security Guide contains a generic example that also works for other network-based authentication methods.
+It also describes how to configure an Active Directory (AD) service.
 For more information, see {sles-base-os-documentation}/part-auth.html.
+
+
+
+[[auth-methods-pam-ad]]
+=== LDAP Integration with Active Directory Example
+
+For LDAP integration with Active Directory, you can use the following example.
+
+In the code snippet, change the following placeholders according to your environment:
+
+[literal]``$domain``::
+Your domain name
+[literal]``$ad_server``::
+FQDN of the AD server if it is not auto-detected from the [literal]``$domain``
+[literal]``$uyuni-hostname``:
+The name of the machine this AD client is supposed to be known.
+If not set, it will be [literal]``uyuni-server.mgr.internal``.
+
+
+Example snippet for [path]``/etc/sssd/sssd.conf``:
+
+----
+[sssd]
+config_file_version = 2
+services = nss, pam
+domains = $domain
+
+[nss]
+
+[pam]
+
+[domain/$domain]
+id_provider = ad
+chpass_provider = ad
+access_provider = ad
+auth_provider = ad
+
+ad_domain = $domain
+ad_server = $ad_server
+ad_hostname = $uyuni-hostname
+
+ad_gpo_map_network = +susemanager
+
+krb5_keytab = FILE:/etc/rhn/krb5.conf.d/krb5.keytab
+krb5_ccname_template = FILE:/tmp/krb5cc_%{uid}
+----