From 075e6064be2bd968ec69d25615643f1b396011f1 Mon Sep 17 00:00:00 2001 From: Michele Cereda Date: Fri, 4 Aug 2023 00:02:43 +0200 Subject: [PATCH] feat: articles about active directory / ldap integration --- knowledge base/realmd.md | 62 ++++++++++++++++++++++++++++++++++++++++ knowledge base/sssd.md | 25 ++++++++++++++++ 2 files changed, 87 insertions(+) create mode 100644 knowledge base/realmd.md create mode 100644 knowledge base/sssd.md diff --git a/knowledge base/realmd.md b/knowledge base/realmd.md new file mode 100644 index 0000000..5da2f4b --- /dev/null +++ b/knowledge base/realmd.md 
@@ -0,0 +1,62 @@ +# Realmd + +On-demand system DBus service allowing callers to configure network authentication and domain membership in a standard way. + +Realmd discovers information about the domain or realm automatically, and configures [SSSD] or [Winbind] to manage the actual network authentication and user account lookups. + +## Table of contents + +1. [TL;DR](#tldr) +1. [Further readings](#further-readings) + +## TL;DR + +```sh +# Scan for domains on the network. +realm discover +realm discover 'domain.example.com' + +# Add the system to domains. +realm join 'ad.example.com' +realm join --user='admin' --computer-ou='OU=Special' 'domain.example.com' + +# List joined domains. +realm list +realm list --all --name-only + +# Remove the system from domains. +realm leave 'ad.example.com' + + +# Enable access to the system for users within configured domains. +realm permit --all +realm permit 'username' +realm permit 'DOMAIN\User2' +realm permit --withdraw 'user@example.com' + +# Restrict access to the system for users within configured domain. +realm deny --all +realm deny 'username' +realm deny 'DOMAIN\User2' +``` + +## Further readings + +- [Website] +- [SSSD] +- [Winbind] +- [Integrating Linux systems with Active Directory environments] + + + + +[website]: https://www.freedesktop.org/software/realmd/ + + +[sssd]: sssd.md + + +[integrating linux systems with active directory environments]: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/windows_integration_guide/index +[winbind]: https://www.winbind.org/ diff --git a/knowledge base/sssd.md b/knowledge base/sssd.md new file mode 100644 index 0000000..079f612 --- /dev/null +++ b/knowledge base/sssd.md 
@@ -0,0 +1,25 @@ +# SSSD + +Acronym for System Security Services Daemon, the open source client for enterprise identity management. + +Enrolls Linux hosts into an Active Directory, FreeIPA or LDAP domain using remote identities, policies and various authentication and authorization mechanisms to access it. + +## Table of contents + +1. [Further readings](#further-readings) + +## Further readings + +- [Website] +- [Documentation] + + + + +[website]: https://sssd.io/ +[documentation]: https://sssd.io/docs/introduction.html + + +[realmd]: realmd.md
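Review bot: In the TL;DR block of `knowledge base/realmd.md`, `realm permit --withdraw 'user@example.com'` is grouped under the comment "Enable access to the system for users within configured domains", but it takes a login permission away. Give it its own comment or move it next to the `realm deny` lines. Since `realm permit --all` lets every user of the configured domains log in, that comment should say so explicitly, so readers pick the per-user form when they want a restricted host. The two empty lines after `realm leave 'ad.example.com'` inside the code block can be reduced to one.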
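Review bot: `knowledge base/sssd.md` defines the `[realmd]: realmd.md` reference at the end of the file, but nothing in the body uses it. Either add `- [Realmd]` under "Further readings" (realmd.md already lists `[SSSD]` there) or drop the definition. The second description line, "Enrolls Linux hosts into an Active Directory, FreeIPA or LDAP domain using remote identities, policies and various authentication and authorization mechanisms to access it", is hard to parse because "it" has no clear referent. Consider splitting it into what SSSD connects to and what it provides to the host.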