| sidebar_position | sidebar_label |
|---|---|
| 40 | Identity Management |
Identity Management Setup
:::tip
If you are using an alternative Identity Management system or local user accounts, skip this page and go straight to Deploying with Ansible.
:::
Host Setup
It can be helpful to keep track of the following information in a text editor's buffer until deployment is complete. None of these details are sensitive after the completion of the deployment.
Hostname:
IPv4 Address:
IPv6 Address:
OTP:
Add Host to DNS
- Create an A record for the host
- Create an AAAA record for the host
- Create a null MX record for the host (e.g. `example.cdr.link IN MX 0 .`)
Add Host to Identity Management
- Begin by logging in to the Identity Management server with your privileged identity
- Open the Identity tab, and select the Hosts subtab
- Click Add at the top of the hosts list
- Enter the name of the new host, e.g. `example.cdr.link`
- The IP address will be resolved automatically from DNS. You can leave this blank, but you may need to allow a moment for the authoritative DNS servers to update
- Activate the Generate OTP checkbox
- Click Add to add the new host
- Save the generated OTP for later
User Setup
Create the Service User
This is the user on the host that will run the Podman containers.
- Open the Identity tab, and select the Users subtab
- Click Add at the top of the users list
- Enter a Username; we prefix all our Link service users with `link_` for easy identification
- Enter a First Name and Last Name; these values do not matter, but the LDAP schema requires them
- Do not enter a New Password as this user will never need to authenticate with a password
- Click Add
Generate subordinate IDs for the user
- Open the Identity tab, and expand the Subordinate IDs subtab
- Choose the Subordinate IDs option from the drop-down menu
- Click the Add button in the upper-right corner of the interface
- In the Add subid window, select the user you have just created as the Owner
- Click Add
The range is automatically generated and managed by Identity Management.
:::tip
If you are not using our baseline Ansible role, ensure that the `with-subid` feature of the `sssd` authselect profile is enabled to allow hosts to look up subids in LDAP.
:::
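The same host, user and subordinate ID steps can be scripted with the `ipa` CLI instead of the web UI, and the subid lookup can be verified on the deployed host. This is an added example, not part of the Link documentation or its Ansible role; the hostname `example.cdr.link` and the service user `link_example` are placeholders, and `ipa_setup` assumes a Kerberos ticket for a privileged identity (`kinit`) on the machine it runs from.

```shell
#!/usr/bin/env bash
# Added example: CLI equivalent of the Identity Management steps above, plus a
# post-deployment check that the host can resolve the service user's subid range.
set -euo pipefail

HOST="example.cdr.link"   # placeholder host (same name the page uses as an example)
SVC_USER="link_example"   # placeholder service user, prefixed link_ as the page suggests

# Run from a workstation holding an admin ticket. Mirrors the web UI walkthrough:
# host with a generated OTP, a passwordless service user, and an IdM-managed subid range.
ipa_setup() {
    ipa host-add "$HOST" --random                          # --random prints the OTP once; save it
    ipa user-add "$SVC_USER" --first=Link --last=Service   # names are required by the LDAP schema only
    ipa subid-generate --owner="$SVC_USER"                 # Identity Management picks the range
}

# Parse one line of getsubids output ("0: <user> <start> <count>") and succeed only
# when the owner matches and the range is large enough for rootless Podman (>= 65536).
subid_range_ok() {
    local line="$1" user start count
    read -r _ user start count <<<"$line"
    [ "${user:-}" = "$SVC_USER" ] || return 1
    [ "${start:-0}" -gt 0 ] && [ "${count:-0}" -ge 65536 ]
}

# Run on the deployed host: enable with-subid on the sssd authselect profile if the
# tip above was not applied, then confirm the LDAP-backed range is visible via libsubid.
host_check() {
    authselect current | grep -q with-subid || authselect select sssd with-subid --force
    subid_range_ok "$(getsubids "$SVC_USER")"
}
```

Call `ipa_setup` once from the workstation and `host_check` on the host after Ansible has enrolled it; an empty or zero-sized `getsubids` result means the host is not reading subids from LDAP.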

