[deployment-guide/comm-rel: 571/727] BZ 629223 - Remove references to ldap_user|group_search_base; clarify difference between 2003 and 20
Jaromir Hradilek
jhradile at fedoraproject.org
Tue Oct 19 13:13:00 UTC 2010
commit e13cdbc1d00cd53e20e89b8265e0c5e2b499b2fa
Author: David O'Brien <davido at redhat.com>
Date: Fri Sep 3 12:27:55 2010 +1000
BZ 629223 - Remove references to ldap_user|group_search_base; clarify difference between 2003 and 2003R2/2008 AD config
en-US/SSSD.xml | 27 ++++++++++++++++-----------
1 files changed, 16 insertions(+), 11 deletions(-)
---
diff --git a/en-US/SSSD.xml b/en-US/SSSD.xml
index 9e6368f..2707b41 100644
--- a/en-US/SSSD.xml
+++ b/en-US/SSSD.xml
@@ -909,7 +909,7 @@ ldap_schema = rfc2307
chpass_provider = ldap
ldap_uri = ldap://ldap.mydomain.org
-ldap_user_search_base = dc=mydomain,dc=org
+ldap_search_base = dc=mydomain,dc=org
tls_reqcert = demand
ldap_tls_cacert = /etc/pki/tls/certs/ca-bundle.crt
</screen>
@@ -1004,11 +1004,12 @@ uid=500(f12server) gid=500(f12server) groups=500(f12server),510(f12tester)
</para>
<note>
<para>
- SFU is not supported on 64-bit operating systems. You should refer to <ulink url="http://support.microsoft.com/kb/920751"></ulink> for more information about which Windows systems can provide a suitable platform for an SSSD LDAP back end.
+ SFU is not supported on 64-bit operating systems. Refer to <ulink url="http://support.microsoft.com/kb/920751"></ulink> for more information about which Windows systems can provide a suitable platform for an SSSD LDAP back end.
</para>
</note>
- <section><title>Configuring Active Directory 2003 as an LDAP Back End</title>
+ <section id="sect-SSSD_User_Guide-Configuring_Domains-Configuring_a_Microsoft_Active_Directory_Domain-Configuring_AD_2003">
+ <title>Configuring Active Directory 2003 as an LDAP Back End</title>
<para>
The example <filename>/etc/sssd/sssd.conf</filename> file that ships with SSSD contains the following sample configuration for Active Directory 2003:
</para>
@@ -1024,8 +1025,7 @@ id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://your.ad.server.com
ldap_schema = rfc2307bis
-ldap_user_search_base = cn=users,dc=example,dc=com
-ldap_group_search_base = cn=users,dc=example,dc=com
+ldap_search_base = dc=example,dc=com
ldap_default_bind_dn = cn=Administrator,cn=Users,dc=example,dc=com
ldap_default_authtok_type = password
ldap_default_authtok = YOUR_PASSWORD
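Review bot: The replacement `ldap_search_base = dc=example,dc=com` in the AD 2003 example is not equivalent to the two removed lines, which both pointed at `cn=users,dc=example,dc=com`; the search scope widens from the Users container to the whole domain. If that is intended, say so in the surrounding text. Otherwise keep the container, as in `ldap_search_base = cn=users,dc=example,dc=com`, so the example does not start resolving users and groups from other parts of the directory.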
@@ -1042,6 +1042,11 @@ ldap_group_gid_number = msSFU30GidNumber</screen>
<note>
<para>
+ This configuration is specific to Windows Active Directory 2003. Refer to <xref linkend="sect-SSSD_User_Guide-Configuring_Domains-Configuring_a_Microsoft_Active_Directory_Domain-Configuring_AD_2008"/> for information on how to configure Active Directory 2003 R2 and Active Directory 2008.
+ </para>
+ </note>
+ <note>
+ <para>
The above configuration assumes that the certificates are stored in the default location (that is, in <filename>/etc/openldap/cacerts</filename>) and that the <function>c_rehash</function> function has been used to create the appropriate symlinks.
</para>
</note>
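Review bot: The added note says "Windows Active Directory 2003", while the section titles touched by this patch say "Active Directory 2003" and "Active Directory 2003 R2"; use one product name throughout. The note would also read better after the certificates note, whose "The above configuration" is now separated from the screen it refers to by the new text.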
@@ -1052,12 +1057,13 @@ ldap_group_gid_number = msSFU30GidNumber</screen>
</formalpara>
</section>
- <section><title>Configuring Active Directory 2008 as an LDAP Back End</title>
+ <section id="sect-SSSD_User_Guide-Configuring_Domains-Configuring_a_Microsoft_Active_Directory_Domain-Configuring_AD_2008">
+ <title>Configuring Active Directory 2003 R2 and 2008 as LDAP Back Ends</title>
<para>
- The configuration of <filename>/etc/sssd/sssd.conf</filename> to support an Active Directory 2008 back end is similar to that for AD 2003. The following example configuration highlights the necessary changes.
+ The configuration of <filename>/etc/sssd/sssd.conf</filename> to support Active Directory 2003 R2 or Active Directory 2008 as a back end is similar to that for AD 2003. The following example configuration highlights the necessary changes.
</para>
-<screen># Example LDAP domain where the LDAP server is an Active Directory 2008 server.
+<screen># Example LDAP domain where the LDAP server is an Active Directory 2003 R2 or an Active Directory 2008 server.
[domain/AD]
description = LDAP domain with AD server
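Review bot: The new section id still ends in `Configuring_AD_2008`, although the retitled section and the updated screen comment now cover Active Directory 2003 R2 as well, and the xref added in the AD 2003 note targets this id. Consider an id that reflects both versions before other sections start linking to it, and update the xref's linkend in the same commit.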
@@ -1071,7 +1077,6 @@ chpass_provider = ldap
ldap_uri = ldap://your.ad.server.com
ldap_tls_cacertdir = /etc/openldap/cacerts
ldap_tls_cacert = /etc/openldap/cacerts/test.cer
-ldap_user_search_base = cn=Users,dc=example,dc=com
ldap_search_base = dc=example,dc=com
ldap_default_bind_dn = cn=Administrator,cn=Users,dc=example,dc=com
ldap_default_authtok_type = password
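Review bot: Removing `ldap_user_search_base = cn=Users,dc=example,dc=com` leaves user lookups in this example governed by the context line `ldap_search_base = dc=example,dc=com`, so users are now searched across the whole domain rather than only under cn=Users; the section text should mention the broader base. Separately, the unchanged context binds as `cn=Administrator,cn=Users,dc=example,dc=com` with a password authtok. Since the example is being edited anyway, consider showing a dedicated read-only bind account instead of the domain administrator.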
@@ -1163,7 +1168,7 @@ enumerate = false
id_provider = ldap
chpass_provider = krb5
ldap_uri = ldap://ldap.mydomain.org
-ldap_user_search_base = dc=mydomain,dc=org
+ldap_search_base = dc=mydomain,dc=org
tls_reqcert = demand
ldap_tls_cacert = /etc/pki/tls/certs/ca-bundle.crt
@@ -1572,7 +1577,7 @@ domain_type = ldap
server = ldap.example.com, ldap3.example.com, 10.0.0.2
# ldap_uri = ldaps://ldap.example.com:9093
# ldap_use_tls = ssl
-ldap_user_search_base = ou=users,dc=ldap,dc=example,dc=com
+ldap_search_base = dc=ldap,dc=example,dc=com
enumerate = false
# Possible overrides
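Review bot: The new `ldap_search_base = dc=ldap,dc=example,dc=com` drops the `ou=users` component that the removed `ldap_user_search_base` line carried, so this is a scope change rather than an option rename. The hunks at -909 and -1163 keep the same DN when switching option names; either keep the DN here as well or confirm that searching from the tree root is what this example should show.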