[v14] Allow for Windows PKI operations to target a different domain #33275

Merged
merged 1 commit into from Oct 12, 2023

@zmb3 zmb3 commented Oct 10, 2023

Backport #33218 to branch/v14

Today, our AD support largely assumes there is a single Active Directory
domain. The certificates that we generate are for users in this domain,
the computers we discover via LDAP come from this domain, and the PKI
setup we perform targets this domain.

In more complicated AD configurations, PKI is often configured in a root
domain, while users, servers, and discovery should be done against a
child domain.

The new pki_domain configuration field will allow you to override the
default domain specified in the ldap section with a root domain that is
used for configuring the NTAuth store and publishing the CRL. Teleport
continues to do discovery and issue certificates for the domain
specified in the ldap section of the config.

@zmb3 added this pull request to the merge queue Oct 12, 2023
Merged via the queue into branch/v14 with commit 53cd531 Oct 12, 2023
23 checks passed
@zmb3 deleted the bot/backport-33218-branch/v14 branch October 12, 2023 17:57
@camscale mentioned this pull request Oct 16, 2023