Use SSSD for direct AD integration

asteflova commented 2 months ago

What changes are you introducing?

Introducing a new procedure for direct AD integration + configuring AD as an external authentication source that relies only on SSSD to enroll the system to AD.

Why are you introducing these changes? (Explanation, links to references, issues, etc.)

Currently, the documentation uses Samba + SSSD to perform the joining. That diverges from what the RHEL team is recommending (on the RHEL side, SSSD is the component recommended for direct AD integration). However, right now, on the Foreman side, we recommended Samba.

Anything else to add? (Considerations, potential downsides, alternative solutions you have explored, etc.)

The new procedure based on SSSD doesn't currently configure Kerberos SSO for AD users logging in to Foreman. Without that functionality, there is little point in adding the steps.

Checklists

[x] I am okay with my commits getting squashed when you merge this PR.
[ ] I am familiar with the contributing guidelines.

Please cherry-pick my commits into:

[ ] Foreman 3.12/Katello 4.14 (Satellite 6.16)
[ ] Foreman 3.11/Katello 4.13
[ ] Foreman 3.10/Katello 4.12
[ ] Foreman 3.9/Katello 4.11 (Satellite 6.15; orcharhino 6.8/6.9/6.10)
[ ] Foreman 3.8/Katello 4.10
[ ] Foreman 3.7/Katello 4.9 (Satellite 6.14)
[ ] Foreman 3.6/Katello 4.8
[ ] Foreman 3.5/Katello 4.7 (Satellite 6.13; orcharhino 6.6/6.7)
We do not accept PRs for Foreman older than 3.5.

github-actions[bot] commented 2 months ago

The PR preview for bb87e9d5e564f5e1bc842b9cda3e927367e205f5 is available at theforeman-foreman-documentation-preview-pr-3286.surge.sh

The following output files are affected by this PR:

show diff

show diff as HTML

asteflova commented 3 weeks ago

The SSSD team is going to be rather busy in the upcoming several months so they won't be able to help me move forward with this. I'm closing this PR and if needed, I can revisit later.

theforeman / foreman-documentation