SSSD

SSSD (System Security Services Daemon) provides access to local and remote identity and authentication resources such as Active Directory and LDAP. It also provides caching and offline support to the system, as well as interfaces including NSS and PAM modules.

Global SSSD Operations

The global operations of SSSD are getting and updating the global SSSD configuration file.

Get Global SSSD Configuration File

You can use this route to get the global SSSD configuration file. To see which domains your system can talk to, check the parameter domains = $DOMAIN. If you add authentication providers such as Active Directory or LDAP, your SSSD service requires this parameter once you have created an individual SSSD configuration file. Without this parameter, your SSSD service might fail to start.

Request Object

+ URL
  /api/v2/sssd/conf

+ Method
  GET

+ Headers
  Content-Type: application/json
  token: ThisIsNotARealTokenGenerateYourOwnToken

+ Body
  {}

Response Object

You should get the information of the global SSSD configuration file. The response body object has two properties: raw and json.

+ Headers
  X-Powered-By: OpenDrives
  Access-Control-Allow-Origin: *
  Content-Type: application/json; charset=utf-8

+ Body
  {
    "raw": "[sssd]\n\tconfig_file_version = 2\n\tservices = nss, pam\n\tdomains = example.com\n\n[nss]\n\tfilter_users = root\n\tfilter_groups = root\n\n",
    "json": {
      "sssd": {
        "config_file_version": "2",
        "services": "nss, pam",
        "domains": "example.com"
      },
      "nss": {
        "filter_users": "root",
        "filter_groups": "root"
      }
    }
  }

Update Global SSSD Configuration File

After getting the current global SSSD configuration file, you can update it with this route. Make sure the domains parameter contains the domain name that you want to add as your authentication provider. To update the configuration file, assign the updated file, as a raw string, to the conf property in the request body. sssd.service is restarted after the global configuration file is updated, but it is recommended to check the status of sssd.service a few seconds after the restart, since it may fail to restart if there are problems with the domain server.

Request Object

+ URL
  /api/v2/sssd/conf

+ Method
  POST

+ Headers
  Content-Type: application/json
  token: ThisIsNotARealTokenGenerateYourOwnToken

+ Body
  {
    "conf": "[sssd]\n\tconfig_file_version = 2\n\tservices = nss, pam\n\tdomains = example.com\n\n[nss]\n\tfilter_users = root\n\tfilter_groups = root\n\n"
  }

Response Object

You should get a message if you have successfully updated your global SSSD configuration file. Check the status of sssd.service once you get a success message; the SSSD service might fail a few seconds after restarting.

+ Headers
  X-Powered-By: OpenDrives
  Access-Control-Allow-Origin: *
  Content-Type: application/json; charset=utf-8

+ Body
  {
    "message": "Successfully set sssd.conf and restarted sssd.service."
  }

Individual SSSD Operations

List Domain SSSD configuration files

Send this request to get a list of domain (individual) SSSD configuration files. Each of these individual SSSD files contains the information about one of your authentication providers.

Request Object

+ URL
  /api/v2/sssd/domain

+ Method
  GET

+ Headers
  Content-Type: application/json
  token: ThisIsNotARealTokenGenerateYourOwnToken

+ Body
  {}

Response Object

The name of each individual SSSD configuration file will be the key in the response body, and the configuration file’s contents will be the value object. Each value object will have raw and json properties.

+ Headers
  X-Powered-By: OpenDrives
  Access-Control-Allow-Origin: *
  Content-Type: application/json; charset=utf-8

+ Body
  {
    "examplecom": {
      "raw": "[domain/example.com]\n\tid_provider = ldap\n\tldap_uri = ldap://ldap01.example.com\n\tldap_search_base = dc=example,dc=com\n\tldap_id_use_start_tls = true\n\tldap_tls_reqcert = demand\n\tldap_tls_cacert = /etc/ssl/certs/mycacert.pem\n\tauth_provider = krb5\n\tkrb5_server = ldap01.example.com\n\tkrb5_realm = EXAMPLE.COM\n\tcache_credentials = True\n\tdebug_level = 9\n",
      "json": {
        "domain/example.com": {
          "id_provider": "ldap",
          "ldap_uri": "ldap://ldap01.example.com",
          "ldap_search_base": "dc=example,dc=com",
          "ldap_id_use_start_tls": "true",
          "ldap_tls_reqcert": "demand",
          "ldap_tls_cacert": "/etc/ssl/certs/mycacert.pem",
          "auth_provider": "krb5",
          "krb5_server": "ldap01.example.com",
          "krb5_realm": "EXAMPLE.COM",
          "cache_credentials": "True",
          "debug_level": "9"
        }
      }
    }
  }

Create Domain SSSD configuration file

Create an individual SSSD configuration file for an authentication provider. Provide the name for this configuration file, the domain, and conf as either a string or an object. Don’t forget to update your global SSSD configuration file after creating this domain SSSD configuration file: you must add the name of the domain to the domains = $DOMAIN line.

Request Object

+ URL
  /api/v2/sssd/domain/create

+ Method
  POST

+ Headers
  Content-Type: application/json
  token: ThisIsNotARealTokenGenerateYourOwnToken

+ Body
  {
    "name": "examplecom",
    "domain": "example.com",
    "conf": {
      "id_provider": "ldap",
      "ldap_uri": "ldap://ldap01.example.com",
      "ldap_search_base": "dc=example,dc=com",
      "ldap_id_use_start_tls": "true",
      "ldap_tls_reqcert": "demand",
      "ldap_tls_cacert": "/etc/ssl/certs/mycacert.pem",
      "auth_provider": "krb5",
      "krb5_server": "ldap01.example.com",
      "krb5_realm": "EXAMPLE.COM",
      "cache_credentials": "True",
      "debug_level": "9"
    }
  }

Response Object

You will get a success message when you have successfully created a domain SSSD configuration file.

+ Headers
  X-Powered-By: OpenDrives
  Access-Control-Allow-Origin: *
  Content-Type: application/json; charset=utf-8

+ Body
  {
    "message": "Successfully created an individual SSSD configuration file: examplecom.conf"
  }

Get Domain SSSD configuration file

Get an individual SSSD configuration file. Please pass the name of the file as a request parameter.

Request Object

+ URL
  /api/v2/sssd/domain/$NAME/details

+ Method
  GET

+ Parameters
  name (string, required, URL param) - The name of the domain SSSD configuration file you would like to view; you don't need to include the file extension. (e.g. /api/v2/sssd/domain/examplecom/details)

+ Headers
  Content-Type: application/json
  token: ThisIsNotARealTokenGenerateYourOwnToken

+ Body
  {}

Response Object

You will get the contents of the domain SSSD configuration file. The response body object has two properties: raw and json.

+ Headers
  X-Powered-By: OpenDrives
  Access-Control-Allow-Origin: *
  Content-Type: application/json; charset=utf-8

+ Body
  {
    "raw": "[domain/example.com]\n\tid_provider = ldap\n\tldap_uri = ldap://ldap01.example.com\n\tldap_search_base = dc=example,dc=com\n\tldap_id_use_start_tls = true\n\tldap_tls_reqcert = demand\n\tldap_tls_cacert = /etc/ssl/certs/mycacert.pem\n\tauth_provider = krb5\n\tkrb5_server = ldap01.example.com\n\tkrb5_realm = EXAMPLE.COM\n\tcache_credentials = True\n\tdebug_level = 9\n",
    "json": {
      "domain/example.com": {
        "id_provider": "ldap",
        "ldap_uri": "ldap://ldap01.example.com",
        "ldap_search_base": "dc=example,dc=com",
        "ldap_id_use_start_tls": "true",
        "ldap_tls_reqcert": "demand",
        "ldap_tls_cacert": "/etc/ssl/certs/mycacert.pem",
        "auth_provider": "krb5",
        "krb5_server": "ldap01.example.com",
        "krb5_realm": "EXAMPLE.COM",
        "cache_credentials": "True",
        "debug_level": "9"
      }
    }
  }

Update Domain SSSD configuration file

Update an individual SSSD configuration file. Please pass the name of the file as a request parameter, then provide domain and conf in the request body. conf can be either a string or object. Please restart and check the status of sssd.service after updating the domain SSSD configuration file.

Request Object

+ URL
  /api/v2/sssd/domain/$NAME/update

+ Method
  POST

+ Parameters
  name (string, required, URL param) - The name of the domain SSSD configuration file you would like to update; you don't need to include the file extension. (e.g. /api/v2/sssd/domain/examplecom/update)

+ Headers
  Content-Type: application/json
  token: ThisIsNotARealTokenGenerateYourOwnToken

+ Body
  {
    "domain": "example.com",
    "conf": {
      "id_provider": "ldap",
      "ldap_uri": "ldap://ldap01.example.com",
      "ldap_search_base": "dc=example,dc=com",
      "ldap_id_use_start_tls": "true",
      "ldap_tls_reqcert": "demand",
      "ldap_tls_cacert": "/etc/ssl/certs/mycacert.pem",
      "auth_provider": "krb5",
      "krb5_server": "ldap01.example.com",
      "krb5_realm": "EXAMPLE.COM",
      "cache_credentials": "True",
      "debug_level": "9"
    }
  }

Response Object

You will get a success message when you have successfully updated a domain SSSD configuration file.

+ Headers
  X-Powered-By: OpenDrives
  Access-Control-Allow-Origin: *
  Content-Type: application/json; charset=utf-8

+ Body
  {
    "message": "Successfully updated an individual SSSD configuration file: examplecom.conf"
  }

Delete Domain SSSD configuration file

Delete an individual SSSD configuration file. Pass the name of the file as a request parameter, then remove the domain name from the global SSSD configuration file. sssd.service should fail after the global SSSD configuration file is updated if there is no value on the domains line. If sssd.service fails, your authentication provider is automatically set to Local.

Request Object

+ URL
  /api/v2/sssd/domain/$NAME/delete

+ Method
  POST

+ Parameters
  name (string, required, URL param) - The name of the domain SSSD configuration file you would like to delete; you don't need to include the file extension. (e.g. /api/v2/sssd/domain/examplecom/delete)

+ Headers
  Content-Type: application/json
  token: ThisIsNotARealTokenGenerateYourOwnToken

+ Body
  {}

Response Object

You will get a success message when you have successfully deleted a domain SSSD configuration file.

+ Headers
  X-Powered-By: OpenDrives
  Access-Control-Allow-Origin: *
  Content-Type: application/json; charset=utf-8

+ Body
  {
    "message": "Successfully deleted examplecom.conf"
  }
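
Both the create and the delete procedures above end with an edit to the domains line of the global file. The following is an added example, not OpenDrives code, that makes that edit on the raw string returned by GET /api/v2/sssd/conf while leaving every other line untouched, and that refuses by default to write an empty domains line. The function names and the allow_empty flag are hypothetical.

```python
import re

# Constructed sample: the "raw" value shown in the GET /api/v2/sssd/conf response.
SAMPLE_RAW = ("[sssd]\n\tconfig_file_version = 2\n\tservices = nss, pam\n"
              "\tdomains = example.com\n\n[nss]\n\tfilter_users = root\n"
              "\tfilter_groups = root\n\n")

_SECTION = re.compile(r"^\s*\[([^\]]+)\]\s*$")
_DOMAINS = re.compile(r"^(?P<lead>\s*)domains\s*=\s*(?P<val>.*)$")

def _locate(lines):
    """Return (index of the [sssd] header, index of its domains line); None if absent."""
    header = dom = section = None
    for i, line in enumerate(lines):
        m = _SECTION.match(line)
        if m:
            section = m.group(1).strip()
            if section == "sssd" and header is None:
                header = i
        elif section == "sssd" and dom is None and _DOMAINS.match(line):
            dom = i
    return header, dom

def get_domains(raw):
    """Domains currently enabled in [sssd]; commented-out lines are ignored."""
    lines = raw.split("\n")
    dom = _locate(lines)[1]
    val = "" if dom is None else _DOMAINS.match(lines[dom]).group("val")
    return [d.strip() for d in val.split(",") if d.strip()]

def set_domains(raw, domains, allow_empty=False):
    """Rewrite (or insert) only the domains line; every other line stays identical."""
    if not domains and not allow_empty:
        raise ValueError("empty domains line: sssd.service may fail to start")
    lines = raw.split("\n")
    header, dom = _locate(lines)
    if header is None:
        raise ValueError("no [sssd] section found")
    lead = "\t" if dom is None else _DOMAINS.match(lines[dom]).group("lead")
    # An empty slice inserts right after the header; a one-line slice replaces.
    at = slice(header + 1, header + 1) if dom is None else slice(dom, dom + 1)
    lines[at] = [lead + "domains = " + ", ".join(domains)]
    return "\n".join(lines)

def add_domain(raw, domain):
    current = get_domains(raw)
    return raw if domain in current else set_domains(raw, current + [domain])

def remove_domain(raw, domain, allow_empty=False):
    return set_domains(raw, [d for d in get_domains(raw) if d != domain], allow_empty)
```

The returned string is what goes into the conf property of the POST /api/v2/sssd/conf body. Pass allow_empty=True only when falling back to the Local provider is the intended outcome.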