Document support for the domain user attribute #424
Conversation
https://bugzilla.redhat.com/show_bug.cgi?id=1424618 This PR provides documentation support for PR 15535 in the ManageIQ/manageiq repo. Both should be merged at the same time.
|
@abellotti and @gtanzillo Please review |
|
@miq-bot add_label bug, authentication |
|
@jvlcek Cannot apply the following label because they are not recognized: authentication |
|
is there a minimum RHEL and sssd version that this doc should mention ? Do we need to same for IPA (appliance_console updating sssd.conf) and the AD setup docs ? |
|
@abellotti Thank you for the input and the reminder to update the appliance_console to configure the external auth with the domainname attribute. PR 250 in the manageiq-gems-pending has the update for the appliance_console I updated this PR to include a note about the OS and SSSD versions. |
auth/active_directory.adoc
Outdated
| @@ -77,6 +77,8 @@ Password for user: xxxxxxxx | |||
|
|
|||
| Update the */etc/sssd/sssd.conf* file as follows: | |||
|
|
|||
| *Note*: Starting with SSSD version 1.15.2, which will be available in CentOS version 7.4, SSSD will provided the domain name as a user attribute. The below examples show how to set _ldap_user_extra_attrs_ and _user_attributes_ to take advantage of this new feature. If running an appliance built with CentOS version prior to CentOS 7.4 do not include _domainname_ for these attributes. | |||
There was a problem hiding this comment.
Typo - will provided should be will provide
There was a problem hiding this comment.
@gtanzillo Thank you. Good catch!
auth/ipa_ad_trust.adoc
Outdated
| @@ -39,9 +39,18 @@ The SSSD configuration file on the IPA Server must be updated to list needed use | |||
|
|
|||
| Add the following entry to the SSSD configuration file /etc/sssd/sssd.conf | |||
|
|
|||
| *Note*: Starting with SSSD version 1.15.2, which will be available in CentOS version 7.4, SSSD will provided the domain name as a user attribute. The below examples show how to set _ldap_user_extra_attrs_ and _user_attributes_ to take advantage of this new feature. If running an appliance built with CentOS version prior to CentOS 7.4 do not include _domainname_ for these attributes. | |||
There was a problem hiding this comment.
@gtanzillo Thank you. Good catch!
auth/ldap.adoc
Outdated
| @@ -103,6 +103,8 @@ Configure SSSD based authentication against LDAP via SSL: | |||
| Edit the different sections in */etc/sssd/sssd.conf* for the Appliance as in the following | |||
| example, customizing the main *[domain/example.com]* section for the particular Ldap installation. | |||
|
|
|||
| *Note*: Starting with SSSD version 1.15.2, which will be available in CentOS version 7.4, SSSD will provided the domain name as a user attribute. The below examples show how to set _ldap_user_extra_attrs_ and _user_attributes_ to take advantage of this new feature. If running an appliance built with CentOS version prior to CentOS 7.4 do not include _domainname_ for these attributes. | |||
There was a problem hiding this comment.
@gtanzillo Thank you. Good catch!
|
@gtanzillo Let me know if you want me to squash the commits. |
|
Checked commits jvlcek/manageiq_docs@5f39058~...4f1d2a2 with ruby 2.2.6, rubocop 0.47.1, and haml-lint 0.20.0 |
|
@abellotti Can you merge this. @gtanzillo and I reviewed and he is good to merge but unable to. |
|
I can't merge docs myself. /cc @adahms when you get a chance, can you review/merge. Thanks!! |
|
@abellotti - Looks good to me; merging! |
https://bugzilla.redhat.com/show_bug.cgi?id=1424618
This PR provides documentation support for PR 15535 in the ManageIQ/manageiq repo. Both should be merged at the same time.
Note:
This change requires new support in the underlying SSSD code. Updates were
required to provide the domain name when MiQ is configured to use External Authentication (Mode: External (httpd)
The BZs that track this work are:
https://bugzilla.redhat.com/show_bug.cgi?id=1425891
https://bugzilla.redhat.com/show_bug.cgi?id=1455254
The fixes for these BZs are targeted for RHEL 7.4 GA and CentOS 7.4
Therefor this change should not be merged until MiQ appliance builds migrate to RHEL 7.4 GA and CentOS 7.4