Split AD join doc
Reorganise the AD join documentation into join from the installer and join
later on manually. Also add details on SSSD and Winbind.
jibel committed Oct 12, 2023
1 parent 6c2ec47 commit df467b7
Showing 5 changed files with 37 additions and 32 deletions.
1 change: 1 addition & 0 deletions docs/.wordlist.txt
Expand Up @@ -65,6 +65,7 @@ Makefile
multiline
MyST
namespace
OpenLDAP
OU
OUs
Permalink
3 changes: 2 additions & 1 deletion docs/how-to/index.md
Expand Up @@ -20,7 +20,8 @@ This section outlines how to join your client machine to the domain, install ADS

```{toctree}
:titlesonly:
Join machine to AD <join-machine-ad>
Join machine to AD during installation<join-ad-installation>
Join machine to AD manually<join-ad-manually>
Set up ADSys <set-up-adsys>
```
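
Review bot: In the toctree, the two new entries drop the space between the title and the target (`installation<join-ad-installation>` and `manually<join-ad-manually>`), while the unchanged `Set up ADSys <set-up-adsys>` entry keeps it; add the space so the entries stay consistent. Since the `join-machine-ad` target is removed here, also check that no other page in the docs still links to it.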

@@ -1,11 +1,8 @@
# How to join an Active Directory domain
# How to join an Active Directory domain during installation

In order to use Group Policies on an Ubuntu client, the first thing to do is, of course, to join the computer to an Active Directory domain.

There are 2 ways to join an AD domain:

1. At installation time with the Ubuntu Desktop installer.
1. After installation, by manually setting up the connection to AD.
A machine can join an AD domain at installation time with the Ubuntu Desktop installer, or after installation, by manually setting up the connection to AD.

## Join at installation time
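
Review bot: The new intro sentence mentions joining "after installation, by manually setting up the connection to AD" but gives the reader no link to the new `join-ad-manually` page; turn that phrase into a cross-reference. With the title now reading "during installation", the `## Join at installation time` heading directly below repeats it and could be renamed or dropped.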

Expand All @@ -32,28 +29,3 @@ Once all the information has been entered and is valid, press **"Continue"** to
At the end of the installation you can reboot the machine and you are ready to log in as a user of the domain on first boot.

If anything goes wrong with the join process during installation, you will be notified by a dialog box. You can still reboot the machine, log in as the administrator user of the machine (i.e. the user you entered in the page **"Who are you?"**) and troubleshoot the issue. The [Ubuntu Server Guide](https://ubuntu.com/server/docs/service-sssd) provides instructions to perform such troubleshooting.

## Join manually using SSSD

The purpose of this document is to describe how to operate ADSys. So we won’t do an in depth description of the operations to manually configure a connection to Active Directory from an Ubuntu Client.

Authentication of Ubuntu against the Active Directory server requires to configure SSSD and Kerberos. SSSD will then retrieve the credentials and the initial security policy of the `Default Domain Policy`.

All these operations are perfectly described in the [Ubuntu Server Guide “Service - SSSD”](https://ubuntu.com/server/docs/service-sssd) and the White Paper [How to integrate Ubuntu Desktop with Active Directory](https://ubuntu.com/engage/microsoft-active-directory).

## Join manually using Winbind

In addition to SSSD, ADSys supports using Winbind as a backend. The easiest way to join a domain using Winbind is to use the `realmd` utility, as described in the [Samba - Active Directory](https://ubuntu.com/server/docs/samba-active-directory) guide.

ADSys uses SSSD as a default backend, so Winbind has to be opted into explicitly via the following configuration option in `adsys.yaml`:

```yaml
ad_backend: winbind
```
In addition, Winbind requires additional dependencies to be installed. On Ubuntu-based systems they can be installed by executing the following command, prior to ADSys:
```sh
sudo apt update
sudo apt install winbind krb5-user
```
31 changes: 31 additions & 0 deletions docs/how-to/join-ad-manually.md
@@ -0,0 +1,31 @@
# How to join an Active Directory domain manually

ADSys supports two Active Directory backends:

1. [SSSD](https://sssd.io/), or System Security Services Daemon, provides access to centralized identity management systems like Microsoft Active Directory, OpenLDAP, and various other directory servers. This client component retrieves and caches data from remote directory servers, delivering identity, authentication, and authorization services to the host machine.
2. [Winbind](https://wiki.samba.org/index.php/Configuring_Winbindd_on_a_Samba_AD_DC) is a component of the Samba suite that provides seamless integration and authentication services between UNIX or Linux systems and Windows-based networks, allowing the former to appear as members in a Windows Active Directory domain.

## Join manually using SSSD

The aim of this documentation is to describe how to operate ADSys. So we won’t do an in depth description of the operations to manually configure a connection to Active Directory from an Ubuntu Client.

Authentication of Ubuntu against the Active Directory server requires to configure SSSD and Kerberos. SSSD will then retrieve the credentials and the initial security policy of the `Default Domain Policy`.

All these operations are described in details in the [Ubuntu Server Guide “Service - SSSD”](https://ubuntu.com/server/docs/service-sssd) and the White Paper [How to integrate Ubuntu Desktop with Active Directory](https://ubuntu.com/engage/microsoft-active-directory).

## Join manually using Winbind

In addition to SSSD, ADSys supports Winbind as a backend. The easiest way to join a domain using Winbind is to use the `realmd` utility, as described in the [Samba - Active Directory](https://ubuntu.com/server/docs/samba-active-directory) guide.

ADSys uses SSSD as a default backend, so Winbind has to be opted into explicitly via the following configuration option in `adsys.yaml`:

```yaml
ad_backend: winbind
```
In addition, Winbind requires additional dependencies to be installed. On Ubuntu-based systems they can be installed by executing the following command, prior to ADSys:
```sh
sudo apt update
sudo apt install winbind krb5-user
```
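
Review bot: In the Winbind section, "prior to ADSys" in the sentence before the `sh` block does not say which action has to come first; spell it out (for example "before installing ADSys", if that is what is meant). The same sentence sits directly between the closing fence of the `yaml` block and the opening `sh` fence with no blank lines, so add one on each side to keep the blocks rendering reliably. Wording carried over from the old page could be fixed while it moves: "requires to configure SSSD and Kerberos" should read "requires configuring", "described in details" should be "in detail", and "in depth description" needs a hyphen. The Winbind link in the backend list targets a page about a Samba AD DC, while the sentence describes a machine appearing as a domain member; a domain-member reference would match the text better.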
2 changes: 1 addition & 1 deletion docs/reference/index.md
Expand Up @@ -2,7 +2,7 @@

This section consolidates technical details on ADSys, including specifications, APIs, and architecture.

On the linux side, ADSys is composed of a daemon and a command line interface:
On the Linux side, ADSys is composed of a daemon and a command line interface:

* The daemon - `adsysd` - implements the Group Policy protocol. It relies on Kerberos, Samba and LDAP for authentication and policy retrieval.
* The command line interface - `adsysctl` - controls the daemon and reports its status.