On Thu, 10 Apr 2014, Jakub Hrozek wrote:
Our current HOWTO[1] on connecting SSSD to an AD DC is outdated, mostly because the page still only introduces the LDAP provider. Recently, Sumit, Jeremy Agee and I wrote a new page that specifically advises using the AD provider and also using realmd for setup: https://fedorahosted.org/sssd/wiki/Configuring_sssd_with_ad_server
We started a new page and kept the old one around mostly because pre-1.9 versions still need the LDAP provider info.
I'd like to get some review and feedback from our community so we can link the wiki page from the front page or the documentation section. In addition to the lists, I also CC-ed the individual contributors to the original page directly. I hope that's fine.
Thank you for your comments.
Sorry for the delay in replying, I was off on holiday so hadn't had a chance to properly look through this. The only thought I'd had so far in addition to what's been said was that I didn't like the wording in one section:

# Uncomment and adjust if the default principal SHORTNAME$@REALM is not available
# ldap_sasl_authid = host/client.ad.example.com@AD.EXAMPLE.COM

This is a guide for setting up against AD. Is there *any* realistic circumstance where SHORTNAME$@REALM won't be available?
I'd gleefully delete those two lines.
A minor issue is a slight mix of true/True/false/False. Can we pick one? (I'm guessing you prefer True/False.)
Possibly some more warnings around the userPrincipalName string attribute, which doesn't have to map to a user principal at all, so is a possible grenade that'll screw the setup.
jh