[deployment-guide/comm-rel: 3/41] remove refs to sss_* tools for BZ585075

dsilas dsilas at fedoraproject.org
Fri Jul 16 08:52:07 UTC 2010 

commit 9c5029f5fe3eb398c16bbf9981953d31c2a37266
Author: David O'Brien <davido at redhat.com>
Date:   Wed Jul 7 11:37:35 2010 +1000

    remove refs to sss_* tools for BZ585075

 en-US/SSSD.xml |   63 ++++++++++++++++++++++++--------------------------------
 1 files changed, 27 insertions(+), 36 deletions(-)
---
diff --git a/en-US/SSSD.xml b/en-US/SSSD.xml
index 4b5ae34..3a96262 100644
--- a/en-US/SSSD.xml
+++ b/en-US/SSSD.xml
@@ -366,12 +366,17 @@ simple_allow_users = user1, user2</screen>
         <para>For example, if you have configured a native LDAP domain, you could specify the following as your <parameter>ldap_uri</parameter> values:</para>
         <screen>ldap_uri = ldap://ldap0.mydomain.org, ldap://ldap1.mydomain.org, ldap://ldap2.mydomain.org</screen>
 
-        <para>In this configuration, <uri>ldap://ldap0.mydomain.org</uri> functions as the primary server. If this server fails, the SSSD failover mechanism first attempts to connect to <uri>ldap1.mydomain.org</uri>, and if that is unavailable, it then attempts to connect to <uri>ldap2.mydomain.org</uri>.</para>
+        <para>In this configuration, <uri>ldap://ldap0.mydomain.org</uri> functions as the primary server. If this server fails, the SSSD failover mechanism first attempts to connect to <uri>ldap1.mydomain.org</uri>, and if that server is unavailable, it then attempts to connect to <uri>ldap2.mydomain.org</uri>.</para>
 
         <para>If the parameter that specifies which server to connect to for the specific domain (for example, <parameter>ldap_uri</parameter>, <parameter>krb5_kdcip</parameter>,&nbsp;&hellip;) is not specified, the back end defaults to using <replaceable>Use service discovery</replaceable>. Refer to <xref linkend="sect-SSSD_User_Guide-Configuring_Domains-Configuring_Failover-Using_SRV_Records_with_Failover"/> for more information on service discovery.</para>
 
-        <important><para>Do not use multiple <parameter>ldap_uri</parameter> parameters to specify your failover servers. The failover servers must be entered as a comma-separated list of values for a single <parameter>ldap_uri</parameter> parameter. If you enter multiple <parameter>ldap_uri</parameter> parameters, SSSD only recognizes the last entry.</para>
-        <para>Future versions of SSSD will throw an error upon receiving additional ldap_uri entries.</para>
+        <important>
+          <para>
+            Do not use multiple <parameter>ldap_uri</parameter> parameters to specify your failover servers. The failover servers must be entered as a comma-separated list of values for a single <parameter>ldap_uri</parameter> parameter. If you enter multiple <parameter>ldap_uri</parameter> parameters, SSSD only recognizes the last entry.
+          </para>
+          <para>
+            Future versions of SSSD will throw an error upon receiving additional <parameter>ldap_uri</parameter> entries.
+          </para>
         </important>
 
         <section id="sect-SSSD_User_Guide-Configuring_Domains-Configuring_Failover-Using_SRV_Records_with_Failover">
@@ -746,7 +751,7 @@ ipauser01:x:937315651:937315651:ipauser01:/home/ipauser01:/bin/sh
           <formalpara id="form-SSSD_User_Guide-Configuring_a_Native_LDAP_Domain-How_to_Authenticate_Against_an_LDAP_Server">
             <title>How to Authenticate Against an LDAP Server</title>
             <para>
-            SSSD does not support authentication over an unencrypted channel. Consequently, if you want to authenticate against an LDAP server, <systemitem class="protocol">TLS/SSL</systemitem> is required. If the LDAP server is used only as an identity provider, an encrypted channel is not needed.
+              SSSD does not support authentication over an unencrypted channel. Consequently, if you want to authenticate against an LDAP server, either <systemitem class="protocol">TLS/SSL</systemitem>, <systemitem class="protocol">LDAPS</systemitem>, or <systemitem class="protocol">LDAP+GSSAPI</systemitem> is required. If the LDAP server is used only as an identity provider, an encrypted channel is not needed.
           </para>
           </formalpara>
             <para>Edit your <filename>/etc/sssd/sssd.conf</filename> file to reflect the following example:</para>
@@ -858,8 +863,14 @@ uid=500(f12server) gid=500(f12server) groups=500(f12server),510(f12tester)
       </indexterm>
 
       <remark>https://bugzilla.redhat.com/show_bug.cgi?id=601870</remark>
+      <para>
+        You can configure SSSD to use Microsoft Active Directory as an LDAP back end, providing both identity and authentication services. If you are using Active Directory 2003, SSSD requires that you install Windows Services for UNIX on the Active Directory machine. This requirement does not apply to Active Directory 2008.
+      </para>
 
-      <para>Edit your <filename>/etc/sssd/sssd.conf</filename> file to reflect the following example:</para>
+      <section><title>Configuring Active Directory 2003 as an LDAP Back End</title>
+        <para>
+          The example <filename>/etc/sssd/sssd.conf</filename> file that ships with SSSD contains the following sample configuration for Active Directory 2003:
+        </para>
 
 <screen># Example LDAP domain where the LDAP server is an Active Directory server.
 
@@ -887,6 +898,14 @@ ldap_user_principal = userPrincipalName
 ldap_group_object_class = group
 ldap_group_name = msSFU30Name
 ldap_group_gid_number = msSFU30GidNumber</screen>
+      </section>
+
+      <!--
+      <section><title>Configuring Active Directory 2008 as an LDAP Back End</title>
+        <para><remark>dummy text</remark></para>
+        <remark>BZ 601870 NEED_INFO=ckannan</remark>
+      </section>-->
+
 
     </section>
 
@@ -971,7 +990,7 @@ krb5_auth_timeout = 15
     <para>This example describes the minimum options that must be configured when using Kerberos authentication. Refer to the <citetitle>sssd-krb5(5)</citetitle> manual page for a full description of all the options that apply to configuring Kerberos authentication.</para>
   </section>
 
-  <!--
+<!--
   <section id="sect-SSSD_User_Guide-Configuring_Domains-Setting_up_SASL_GSSAPI_Authentication">
     <title>Setting up SASL/GSSAPI Authentication</title>
     <indexterm>
@@ -982,6 +1001,7 @@ krb5_auth_timeout = 15
     <remark>https://bugzilla.redhat.com/show_bug.cgi?id=601870</remark>
   </section>-->
 
+
     <!--<section
       id="chap-SSSD_User_Guide-Using_the_SSSD_Management_Tools">
       <title>Using the SSSD Management Tools</title>
@@ -1288,36 +1308,7 @@ passwd: all authentication tokens updated successfully.
                 <filename>sssd_krb5_locator_plugin(8)</filename>
               </para>
             </listitem>
-            <listitem>
-              <para>
-                <filename>sss_groupadd(8)</filename>
-              </para>
-            </listitem>
-            <listitem>
-              <para>
-                <filename>sss_groupdel(8)</filename>
-              </para>
-            </listitem>
-            <listitem>
-              <para>
-                <filename>sss_groupmod(8)</filename>
-              </para>
-            </listitem>
-            <listitem>
-              <para>
-                <filename>sss_useradd(8)</filename>
-              </para>
-            </listitem>
-            <listitem>
-              <para>
-                <filename>sss_userdel(8)</filename>
-              </para>
-            </listitem>
-            <listitem>
-              <para>
-                <filename>sss_usermod(8)</filename>
-              </para>
-            </listitem>
+
             <listitem>
               <para>
                 <filename>pam_sss(8)</filename>

More information about the docs-commits mailing list