[deployment-guide/comm-rel: 571/727] BZ 629223 - Remove references to ldap_user|group_search_base; clarify difference between 2003 and 20

Jaromir Hradilek jhradile at fedoraproject.org
Tue Oct 19 13:13:00 UTC 2010


commit e13cdbc1d00cd53e20e89b8265e0c5e2b499b2fa
Author: David O'Brien <davido at redhat.com>
Date:   Fri Sep 3 12:27:55 2010 +1000

    BZ 629223 - Remove references to ldap_user|group_search_base; clarify difference between 2003 and 2003R2/2008 AD config

 en-US/SSSD.xml |   27 ++++++++++++++++-----------
 1 files changed, 16 insertions(+), 11 deletions(-)
---
diff --git a/en-US/SSSD.xml b/en-US/SSSD.xml
index 9e6368f..2707b41 100644
--- a/en-US/SSSD.xml
+++ b/en-US/SSSD.xml
@@ -909,7 +909,7 @@ ldap_schema = rfc2307
 chpass_provider = ldap
 
 ldap_uri = ldap://ldap.mydomain.org
-ldap_user_search_base = dc=mydomain,dc=org
+ldap_search_base = dc=mydomain,dc=org
 tls_reqcert = demand
 ldap_tls_cacert = /etc/pki/tls/certs/ca-bundle.crt
 </screen>
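Review bot: The context line `tls_reqcert = demand` in this sample lacks the `ldap_` prefix that the neighbouring `ldap_tls_cacert` carries, so it is worth checking against sssd-ldap(5) whether it should read `ldap_tls_reqcert = demand`. If the unprefixed key is not recognised, a reader copying the listing would believe this line enforces certificate validation when it is in fact left to the default. The same line appears in the hunk at -1163, and both listings begin outside their hunks.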
@@ -1004,11 +1004,12 @@ uid=500(f12server) gid=500(f12server) groups=500(f12server),510(f12tester)
       </para>
       <note>
         <para>
-          SFU is not supported on 64-bit operating systems. You should refer to <ulink url="http://support.microsoft.com/kb/920751"></ulink> for more information about which Windows systems can provide a suitable platform for an SSSD LDAP back end.
+          SFU is not supported on 64-bit operating systems. Refer to <ulink url="http://support.microsoft.com/kb/920751"></ulink> for more information about which Windows systems can provide a suitable platform for an SSSD LDAP back end.
         </para>
       </note>
 
-      <section><title>Configuring Active Directory 2003 as an LDAP Back End</title>
+      <section id="sect-SSSD_User_Guide-Configuring_Domains-Configuring_a_Microsoft_Active_Directory_Domain-Configuring_AD_2003">
+        <title>Configuring Active Directory 2003 as an LDAP Back End</title>
         <para>
           The example <filename>/etc/sssd/sssd.conf</filename> file that ships with SSSD contains the following sample configuration for Active Directory 2003:
         </para>
@@ -1024,8 +1025,7 @@ id_provider = ldap
 auth_provider = ldap
 ldap_uri = ldap://your.ad.server.com
 ldap_schema = rfc2307bis
-ldap_user_search_base = cn=users,dc=example,dc=com
-ldap_group_search_base = cn=users,dc=example,dc=com
+ldap_search_base = dc=example,dc=com
 ldap_default_bind_dn = cn=Administrator,cn=Users,dc=example,dc=com
 ldap_default_authtok_type = password
 ldap_default_authtok = YOUR_PASSWORD
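Review bot: The new `ldap_search_base = dc=example,dc=com` widens both user and group lookups from `cn=users` to the whole domain tree, while the unchanged context lines still bind as `cn=Administrator` with the password stored in `sssd.conf`. Any object under the domain root that carries the mapped POSIX attributes would presumably now resolve as an account, so the text should say that the base can be narrowed to the container holding the intended users and groups. I would also add a sentence recommending a dedicated read-only bind account instead of the domain Administrator, for example `ldap_default_bind_dn = cn=sssd-bind,cn=Users,dc=example,dc=com` (a constructed name). The same widening occurs in the last hunk, where `ou=users,dc=ldap,dc=example,dc=com` becomes `dc=ldap,dc=example,dc=com`. The enclosing `<screen>` listing starts and ends outside this hunk.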
@@ -1042,6 +1042,11 @@ ldap_group_gid_number = msSFU30GidNumber</screen>
 
         <note>
           <para>
+            This configuration is specific to Windows Active Directory 2003. Refer to <xref linkend="sect-SSSD_User_Guide-Configuring_Domains-Configuring_a_Microsoft_Active_Directory_Domain-Configuring_AD_2008"/> for information on how to configure Active Directory 2003 R2 and Active Directory 2008.
+          </para>
+        </note>
+        <note>
+          <para>
             The above configuration assumes that the certificates are stored in the default location (that is, in <filename>/etc/openldap/cacerts</filename>) and that the <function>c_rehash</function> function has been used to create the appropriate symlinks.
           </para>
         </note>
@@ -1052,12 +1057,13 @@ ldap_group_gid_number = msSFU30GidNumber</screen>
         </formalpara>
       </section>
 
-      <section><title>Configuring Active Directory 2008 as an LDAP Back End</title>
+      <section id="sect-SSSD_User_Guide-Configuring_Domains-Configuring_a_Microsoft_Active_Directory_Domain-Configuring_AD_2008">
+        <title>Configuring Active Directory 2003 R2 and 2008 as LDAP Back Ends</title>
         <para>
-          The configuration of <filename>/etc/sssd/sssd.conf</filename> to support an Active Directory 2008 back end is similar to that for AD 2003. The following example configuration highlights the necessary changes.
+          The configuration of <filename>/etc/sssd/sssd.conf</filename> to support Active Directory 2003 R2 or Active Directory 2008 as a back end is similar to that for AD 2003. The following example configuration highlights the necessary changes.
         </para>
 
-<screen># Example LDAP domain where the LDAP server is an Active Directory 2008 server.
+<screen># Example LDAP domain where the LDAP server is an Active Directory 2003 R2 or an Active Directory 2008 server.
 
 [domain/AD]
 description = LDAP domain with AD server
@@ -1071,7 +1077,6 @@ chpass_provider = ldap
 ldap_uri = ldap://your.ad.server.com
 ldap_tls_cacertdir = /etc/openldap/cacerts
 ldap_tls_cacert = /etc/openldap/cacerts/test.cer
-ldap_user_search_base = cn=Users,dc=example,dc=com
 ldap_search_base = dc=example,dc=com
 ldap_default_bind_dn = cn=Administrator,cn=Users,dc=example,dc=com
 ldap_default_authtok_type = password
@@ -1163,7 +1168,7 @@ enumerate = false
 id_provider = ldap
 chpass_provider = krb5
 ldap_uri = ldap://ldap.mydomain.org
-ldap_user_search_base = dc=mydomain,dc=org
+ldap_search_base = dc=mydomain,dc=org
 tls_reqcert = demand
 ldap_tls_cacert = /etc/pki/tls/certs/ca-bundle.crt
 
@@ -1572,7 +1577,7 @@ domain_type = ldap
 server = ldap.example.com, ldap3.example.com, 10.0.0.2
 # ldap_uri = ldaps://ldap.example.com:9093
 # ldap_use_tls = ssl
-ldap_user_search_base = ou=users,dc=ldap,dc=example,dc=com
+ldap_search_base = dc=ldap,dc=example,dc=com
 enumerate = false
 
 # Possible overrides

