Rockstor Active Directory Integration

I am creating this topic as a place to gather the information regarding Active Directory (AD) integration. This topic is spawned from from AD Service throws an error - #8 by phillxnet.

I will need some extra (virtual) hand holding in working with git; I have experience with SVN and older systems, just not much with git.

Having disclosed that, I want to start to get an overall view of what users need for optimal AD function, before I create a pull request. NOTE: I am heavily biased towards enterprise use of Rockstor :metal:. We have a setup that works well in our environment and I think that it should work as a starting point. In fact, early on I just copied over our config files to my build VM and started SSSD without issue.

The following is me trying to understand what has been done in 
the past and brainstorm some ideas.

So do we need to support both Winbind and SSSD?
(I think we should support both)

Earlier attempts used realmd to join the domain, but found that to be unreliable.
I think that early adopters encountered some of the stibility issues.
One of the commit comments stated “net ads join” is for winbind and SSSD uses realmd. Whiile that is stated in the docs we have had great success using “net ads join” under sssd. I would like to try the hybrid approach if there aren’t compelling reasons not to.

Our config files use many more setting that what appears to be set using the existing interface. Should we add an “advanced” tab to the AD setup dialog?

This ties into the winbind vs sssd selection; obviously we would need an “advanced” template (or whatever) for each method of AD integration. If this sounds reasonable, could I get some insight (the lazy way, by asking :wink: ) into how the config files get populated initially and on update. Phil filled me in on some of the details in the original “AD Service Throws an Error” thread linked above, but sometimes I am slow on the uptake.

Has a configuration management system been considered to implement some of configuration management details? Gitlab-ce uses some interesting techniques with chef. We are a puppet shop and have implemented some ansible scripting as well. There are several options in this area. Worth it?

User help interface: should we add that for the advanced pages of the AD integration. There are several important parameters that need to be set and having a description might help??

Let me know what the community needs from the AD integration and lets see if we can make it work!

1 Like