uyuni-project · keichwa · Jan 8, 2025 · Jan 8, 2025 · Jan 8, 2025 · Jan 8, 2025
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,5 @@
+- Added example for LDAP integration with Active Directory in
+  Administration Guide (bsc#1233696)
 - Updated ports listing according to hidden ports file and fixed
   references in Installation and Upgrade Guide
 - Updated Troubleshooting Autoinstallation in Administration Guide

diff --git a/modules/administration/pages/auth-methods-pam.adoc b/modules/administration/pages/auth-methods-pam.adoc
@@ -16,19 +16,23 @@ PAM is a suite of libraries that allows you to integrate {productname} with a ce
 In usernames, additionally to alphanumeric characters, [literal]``-``, [literal]``_``, [literal]``.``, and [literal]``@`` are allowed.
 ====
 . Check the [guimenu]``Pluggable Authentication Modules (PAM)`` checkbox.
-. Configure SSSD in the container.
-  Connect inside the container using:
+. Configure SSSD in the server container.
+  At the command prompt of the {productname} container host, as root, enter the server container:
 +
+
 ----
 mgrctl term
 ----
-Then change the file
+
+. Inside the container, execute the following steps:
++
+.. Edit [path]``/etc/sssd/sssd.conf`` according to your configuration.
+   For an example, see xref:administration:auth-methods-pam.adoc#auth-methods-pam-ad[].
+.. When done, exit the container:
 +
 ----
-/etc/sssd/sssd.conf
+exit
 ----
-+
-. Set [literal]``krb5_keytab`` in ``domain/$domain`` to [literal]``/etc/sssd/krb5.keytab``
 . Restart {productname} using:
 +
 ----
@@ -46,6 +50,52 @@ Use the password change mechanism of your network service to change the password
 ====
 
 
-For more information about configuring PAM, the SUSE Linux Enterprise Server Security Guide contains a generic example that also works for other network-based authentication methods.
-It also describes how to configure an active directory service.
+For more information about PAM configuration, see the {sles} Security Guide. The Security Guide contains a generic example that also works for other network-based authentication methods.
+It also describes how to configure an Active Directory (AD) service.
 For more information, see {sles-base-os-documentation}/part-auth.html.
+
+
+
+[[auth-methods-pam-ad]]
+=== LDAP Integration with Active Directory Example
+
+For LDAP integration with Active Directory, you can use the following example.
+
+In the code snippet, change the following placeholders according to your environment:
+
+[literal]``$domain``::
+Your domain name
+[literal]``$ad_server``::
+FQDN of the AD server if it is not auto-detected from the [literal]``$domain``
+[literal]``$uyuni-hostname``:
+The name of the machine this AD client is supposed to be known.
+If not set, it will be [literal]``uyuni-server.mgr.internal``.
+
+
+Example snippet for [path]``/etc/sssd/sssd.conf``:
+
+----
+[sssd]
+config_file_version = 2
+services = nss, pam
+domains = $domain
+
+[nss]
+
+[pam]
+
+[domain/$domain]
+id_provider = ad
+chpass_provider = ad
+access_provider = ad
+auth_provider = ad
+
+ad_domain = $domain
+ad_server = $ad_server
+ad_hostname = $uyuni-hostname
+
+ad_gpo_map_network = +susemanager
+
+krb5_keytab = FILE:/etc/rhn/krb5.conf.d/krb5.keytab
+krb5_ccname_template = FILE:/tmp/krb5cc_%{uid}
+----