A SaltStack formula that join GNU/Linux and Windows systems to an Active Directory.
Table of Contents
See the full SaltStack Formulas installation and usage instructions.
If you are interested in writing or contributing to formulas, please pay attention to the Writing Formula Section.
If you want to use this formula, please pay attention to the FORMULA file and/or git tag,
which contains the currently released version. This formula is versioned according to Semantic Versioning.
See Formula Versioning Section for more details.
If you need (non-default) configuration, please refer to:
- how to configure the formula with map.jinja
- the pillar.examplefile
- the Special notes section
Commit message formatting is significant!!
Please see How to contribute for more details.
pre-commit is configured for this formula, which you may optionally use to ease the steps involved in submitting your changes.
First install  the pre-commit package manager using the appropriate method, then run bin/install-hooks and
now pre-commit will run automatically on each git commit.
$ bin/install-hooks pre-commit installed at .git/hooks/pre-commit pre-commit installed at .git/hooks/commit-msg
None
- ad.join
- ad.member
- ad.member.linux
- ad.member.linux.package
- ad.member.linux.package.conflicts
- ad.member.linux.package.install
- ad.member.linux.config
- ad.member.linux.config.krb5
- ad.member.linux.config.sssd
- ad.member.linux.join
- ad.member.linux.service
- ad.member.linux.service.running
- ad.member.windows
- ad.member.windows.join
- ad.leave
- ad.member.clean
- ad.member.linux.clean
- ad.member.linux.leave
- ad.member.linux.config.clean
- ad.member.linux.package.clean
- ad.member.windows.clean
- ad.member.windows.leave
Meta-state (This is a state that includes other states).
This state will join a system to an Active Directory with a login and password.
It depends on:
Meta-state (This is a state that includes other states).
Take all steps required to make the system an Active Directory member.
It depends on states related to the kernel, actually:
Meta-state (This is a state that includes other states).
Join a GNU/Linux system to an Active Directory.
It depends on:
Meta-state (This is a state that includes other states).
Manage packages required and conflicting with the join of the system to an Active Directory.
It depends on:
Remove any conflicting packages with the tools used to join the Active Directory.
Install packages required to join the Active Directory.
Meta-state (This is a state that includes other states).
Configure the system in preparation of the Active Directory join.
It depends on:
Configure krb5.conf for Active Directory.
Configure the sssd service for the ad.realm, for example to enable or disable the fully qualified names and the pattern of home dirs fallback for users without the unixHomeDirectory LDAP attribute.
It depends on:
Join a GNU/Linux system to an Active Directory using the realm join command.
It depends on:
Meta-state (This is a state that includes other states).
Restart the sssd service.
Restart the sssd service.
It watches:
- ad.member.linux.join to restart the service after joining the domain
Meta-state (This is a state that includes other states).
Join a Microsoft Windows system to an Active Directory.
It depends on:
Join a Microsoft Windows system to an Active Directory and restart the system if required.
Meta-state (This is a state that includes other states).
Remove the system from an Active Directory with a login and password.
It depends on:
Meta-state (This is a state that includes other states).
Take all steps required to make the system leave an Active Directory.
It depends on states related to the kernel, actually:
Meta-state (This is a state that includes other states).
Remove a GNU/Linux system from an Active Directory.
It depends on:
Remove a GNU/Linux system from an Active Directory using realm leave.
Remove the configuration in place.
Remove required packages to join the Active Directory.
Meta-state (This is a state that includes other states).
Remove a Microsoft Windows system from an Active Directory.
It depends on ad.member.windows.leave
Remove a Microsoft Windows system from an Active Directory and reboot the system if required.
The testing requires a working Active Directory and is not actually automated.