On Mon, Apr 20, 2020 at 08:39:33PM -0000, Michael Dahlberg wrote:
> I'm attempting to set up SSSD using AD as the id provider.  All the
> documentation that I've found results in the linux system joining the
> AD domain when configuring sssd in this manner.  I would like to
> configure sssd running on RHEL to just do authorization
> (access_provider) against the AD domain and *not* actually join the AD

Hi,

based on which information do you want to do the access control?
Group-memberships?

AD requires authentication, so if you want to read something from AD you
need credentials. Typically you get them during the join, but you can
use a service account as well and use 'ldap_default_bind_dn' and
'ldap_default_authtok' (see man sssd-ldap for details).

> domain.  I assume that this would mean I should not set
> "access_provider = ad".  Instead should this value be set to ldap?
> 
> If I configure sssd to use LDAP as the access provider, how would I
> address the Active Directory domain ad.example.com using the "ldap://"
> notation?  Would there be any other changes that I would need to

I would recommend not setting 'ldap_uri' at all; in this case SSSD will
use DNS SRV lookups to find LDAP servers in your domain. You might need
the 'dns_discovery_domain' option (see man sssd.conf) if the domain
name given in the [domain/your.domain.name] section header does not
match the name of the AD domain.

HTH

bye,
Sumit

> address in the sssd.conf examples that use ldap as the access
> provider?
> _______________________________________________
> sssd-users mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
> Fedora Code of Conduct: 
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: 
> https://lists.fedorahosted.org/archives/list/[email protected]
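A sketch of the setup described in the reply above, as an added example that is not part of the original message or taken from the SSSD documentation: the plain LDAP providers bind with a service account instead of a machine account from a domain join, and 'ldap_uri' is left unset so servers are found via DNS SRV. The section name "corp", the service account DN, the group DN, the CA path and the use of ID mapping are assumptions for illustration.

```ini
# /etc/sssd/sssd.conf -- keep owned by root with mode 0600, because it
# holds the service account password.
[sssd]
services = nss, pam
domains = corp

# "corp" is a hypothetical section name that does NOT match the AD DNS
# domain, which is why dns_discovery_domain is set below.
[domain/corp]
# Plain LDAP providers: no machine account and no domain join.
# auth_provider is not set, so it follows id_provider.
id_provider = ldap
access_provider = ldap

# No ldap_uri: SSSD locates the LDAP servers through DNS SRV records
# looked up in this domain.
dns_discovery_domain = ad.example.com

ldap_schema = ad
ldap_search_base = dc=ad,dc=example,dc=com
ldap_referrals = false
# Assumption: users carry no uidNumber/gidNumber in AD, so IDs are
# derived from the objectSID. Remove if POSIX attributes are populated.
ldap_id_mapping = true

# Service account used to read from AD (hypothetical DN, placeholder
# password). Give it read-only rights and nothing else.
ldap_default_bind_dn = cn=svc-sssd,ou=Service Accounts,dc=ad,dc=example,dc=com
ldap_default_authtok_type = password
ldap_default_authtok = REPLACE_WITH_SERVICE_ACCOUNT_PASSWORD

# Protect the bind password and the directory data in transit.
# The CA path is a placeholder for the CA that issued the DC certificates.
ldap_id_use_start_tls = true
ldap_tls_reqcert = demand
ldap_tls_cacert = /etc/pki/tls/certs/ad-ca.pem

# Access control by group membership (hypothetical group DN).
ldap_access_order = filter
ldap_access_filter = (memberOf=cn=linux-login,ou=Groups,dc=ad,dc=example,dc=com)
```

With 'ldap_access_order = filter', a user who does not match 'ldap_access_filter' is denied access, so the filter should be verified against a known member and a known non-member before rollout.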