SSSD
SSSD (System Security Services Daemon) provides access to local/remote identity and authentication resources such as Active Directory and LDAP. It also provides caching and offline support to the system, as well as interfaces including NSS and PAM modules.
Global SSSD Operations
The global operations of SSSD are getting and updating the global SSSD configuration file.
Get Global SSSD Configuration File
You can use this route to get the global SSSD configuration file. You can check which domains your system can talk to by checking the parameter domains = $DOMAIN. Your SSSD service requires this parameter after you create an individual SSSD configuration file if you want to add authentication providers such as Active Directory or LDAP. Without this parameter, your SSSD service might fail to start.
Request Object
+ URL /api/v2/sssd/conf
+ Method GET
+ Headers
    Content-Type: application/json
    token: ThisIsNotARealTokenGenerateYourOwnToken
+ Body
    {}
Response Object
You should get the information of the global SSSD configuration file. The response body object has two properties: raw and json.
+ Headers
    X-Powered-By: OpenDrives
    Access-Control-Allow-Origin: *
    Content-Type: application/json; charset=utf-8
+ Body
    {
        "raw": "[sssd]\n\tconfig_file_version = 2\n\tservices = nss, pam\n\tdomains = example.com\n\n[nss]\n\tfilter_users = root\n\tfilter_groups = root\n\n",
        "json": {
            "sssd": {
                "config_file_version": "2",
                "services": "nss, pam",
                "domains": "example.com"
            },
            "nss": {
                "filter_users": "root",
                "filter_groups": "root"
            }
        }
    }
Update Global SSSD Configuration File
After getting the current global SSSD configuration file, you can update it with this route. Make sure to provide the domains parameter with the domain name that you want to add as your authentication provider. To update the configuration file, assign the updated file as a raw string to the property conf in the request body. sssd.service will be restarted after the global configuration file is updated, but it is recommended to check the status of sssd.service a few seconds after the restart, since it may fail to restart if there are problems with the domain server.
Request Object
+ URL /api/v2/sssd/conf
+ Method POST
+ Headers
    Content-Type: application/json
    token: ThisIsNotARealTokenGenerateYourOwnToken
+ Body
    {
        "conf": "[sssd]\n\tconfig_file_version = 2\n\tservices = nss, pam\n\tdomains = example.com\n\n[nss]\n\tfilter_users = root\n\tfilter_groups = root\n\n"
    }
Response Object
You should get a message if you have successfully updated your global SSSD configuration file. Please check the status of sssd.service once you get a success message; the SSSD service might fail a few seconds after restarting.
+ Headers
    X-Powered-By: OpenDrives
    Access-Control-Allow-Origin: *
    Content-Type: application/json; charset=utf-8
+ Body
    {
        "message": "Successfully set sssd.conf and restarted sssd.service."
    }
Individual SSSD Operation
List Domain SSSD configuration files
Send this request to get a list of domain (individual) SSSD configuration files. Each of these individual SSSD files contains the information about one of your authentication providers.
Request Object
+ URL /api/v2/sssd/domain
+ Method GET
+ Headers
    Content-Type: application/json
    token: ThisIsNotARealTokenGenerateYourOwnToken
+ Body
    {}
Response Object
The name of each individual SSSD configuration file will be the key in the response body, and the configuration file’s contents will be the value object. Each value object will have raw and json properties.
+ Headers
    X-Powered-By: OpenDrives
    Access-Control-Allow-Origin: *
    Content-Type: application/json; charset=utf-8
+ Body
    {
        "examplecom": {
            "raw": "[domain/example.com]\n\tid_provider = ldap\n\tldap_uri = ldap://ldap01.example.com\n\tldap_search_base = dc=example,dc=com\n\tldap_id_use_start_tls = true\n\tldap_tls_reqcert = demand\n\tldap_tls_cacert = /etc/ssl/certs/mycacert.pem\n\tauth_provider = krb5\n\tkrb5_server = ldap01.example.com\n\tkrb5_realm = EXAMPLE.COM\n\tcache_credentials = True\n\tdebug_level = 9\n",
            "json": {
                "domain/example.com": {
                    "id_provider": "ldap",
                    "ldap_uri": "ldap://ldap01.example.com",
                    "ldap_search_base": "dc=example,dc=com",
                    "ldap_id_use_start_tls": "true",
                    "ldap_tls_reqcert": "demand",
                    "ldap_tls_cacert": "/etc/ssl/certs/mycacert.pem",
                    "auth_provider": "krb5",
                    "krb5_server": "ldap01.example.com",
                    "krb5_realm": "EXAMPLE.COM",
                    "cache_credentials": "True",
                    "debug_level": "9"
                }
            }
        }
    }
Create Domain SSSD configuration file
Create an individual SSSD configuration file for an authentication provider. Provide the name for this configuration file, the domain, and conf as either a string or an object. Don’t forget to update your global SSSD configuration file after creating this domain SSSD configuration file. You must add the name of the domain on the domains = $DOMAIN line.
Request Object
+ URL /api/v2/sssd/domain/create
+ Method POST
+ Headers
    Content-Type: application/json
    token: ThisIsNotARealTokenGenerateYourOwnToken
+ Body
    {
        "name": "examplecom",
        "domain": "example.com",
        "conf": {
            "id_provider": "ldap",
            "ldap_uri": "ldap://ldap01.example.com",
            "ldap_search_base": "dc=example,dc=com",
            "ldap_id_use_start_tls": "true",
            "ldap_tls_reqcert": "demand",
            "ldap_tls_cacert": "/etc/ssl/certs/mycacert.pem",
            "auth_provider": "krb5",
            "krb5_server": "ldap01.example.com",
            "krb5_realm": "EXAMPLE.COM",
            "cache_credentials": "True",
            "debug_level": "9"
        }
    }
Response Object
You will get a success message when you have successfully created a domain SSSD configuration file.
+ Headers
    X-Powered-By: OpenDrives
    Access-Control-Allow-Origin: *
    Content-Type: application/json; charset=utf-8
+ Body
    {
        "message": "Successfully created an individual SSSD configuration file: examplecom.conf"
    }
Get Domain SSSD configuration file
Get an individual SSSD configuration file. Please pass the name of the file as a request parameter.
Request Object
+ URL /api/v2/sssd/domain/$NAME/details
+ Method GET
+ Parameters
    name (string, required, URL param) - The name of the domain SSSD configuration file you would like to view; you don't need to include the file extension. (e.g. /api/v2/sssd/domain/examplecom/details)
+ Headers
    Content-Type: application/json
    token: ThisIsNotARealTokenGenerateYourOwnToken
+ Body
    {}
Response Object
You will get the contents of the requested domain SSSD configuration file. The response body has raw and json properties.
+ Headers
    X-Powered-By: OpenDrives
    Access-Control-Allow-Origin: *
    Content-Type: application/json; charset=utf-8
+ Body
    {
        "raw": "[domain/example.com]\n\tid_provider = ldap\n\tldap_uri = ldap://ldap01.example.com\n\tldap_search_base = dc=example,dc=com\n\tldap_id_use_start_tls = true\n\tldap_tls_reqcert = demand\n\tldap_tls_cacert = /etc/ssl/certs/mycacert.pem\n\tauth_provider = krb5\n\tkrb5_server = ldap01.example.com\n\tkrb5_realm = EXAMPLE.COM\n\tcache_credentials = True\n\tdebug_level = 9\n",
        "json": {
            "domain/example.com": {
                "id_provider": "ldap",
                "ldap_uri": "ldap://ldap01.example.com",
                "ldap_search_base": "dc=example,dc=com",
                "ldap_id_use_start_tls": "true",
                "ldap_tls_reqcert": "demand",
                "ldap_tls_cacert": "/etc/ssl/certs/mycacert.pem",
                "auth_provider": "krb5",
                "krb5_server": "ldap01.example.com",
                "krb5_realm": "EXAMPLE.COM",
                "cache_credentials": "True",
                "debug_level": "9"
            }
        }
    }
Update Domain SSSD configuration file
Update an individual SSSD configuration file. Please pass the name of the file as a request parameter, then provide domain and conf in the request body. conf can be either a string or an object. Please restart and check the status of sssd.service after updating the domain SSSD configuration file.
Request Object
+ URL /api/v2/sssd/domain/$NAME/update
+ Method POST
+ Parameters
    name (string, required, URL param) - The name of the domain SSSD configuration file you would like to update; you don't need to include the file extension. (e.g. /api/v2/sssd/domain/examplecom/update)
+ Headers
    Content-Type: application/json
    token: ThisIsNotARealTokenGenerateYourOwnToken
+ Body
    {
        "domain": "example.com",
        "conf": {
            "id_provider": "ldap",
            "ldap_uri": "ldap://ldap01.example.com",
            "ldap_search_base": "dc=example,dc=com",
            "ldap_id_use_start_tls": "true",
            "ldap_tls_reqcert": "demand",
            "ldap_tls_cacert": "/etc/ssl/certs/mycacert.pem",
            "auth_provider": "krb5",
            "krb5_server": "ldap01.example.com",
            "krb5_realm": "EXAMPLE.COM",
            "cache_credentials": "True",
            "debug_level": "9"
        }
    }
Response Object
You will get a success message when you have successfully updated a domain SSSD configuration file.
+ Headers
    X-Powered-By: OpenDrives
    Access-Control-Allow-Origin: *
    Content-Type: application/json; charset=utf-8
+ Body
    {
        "message": "Successfully updated an individual SSSD configuration file: examplecom.conf"
    }
Delete Domain SSSD configuration file
Delete an individual SSSD configuration file. Please pass the name of the file as a request parameter, then remove the domain name from the global SSSD configuration file. sssd.service should fail after updating the global SSSD configuration file if there’s no value on the domains line. If sssd.service fails, your authentication provider is automatically set to Local.
Request Object
+ URL /api/v2/sssd/domain/$NAME/delete
+ Method POST
+ Parameters
    name (string, required, URL param) - The name of the domain SSSD configuration file you would like to delete; you don't need to include the file extension. (e.g. /api/v2/sssd/domain/examplecom/delete)
+ Headers
    Content-Type: application/json
    token: ThisIsNotARealTokenGenerateYourOwnToken
+ Body
    {}
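
The Update Global, Create Domain and Delete Domain sections all depend on editing the domains line of the global file correctly. The following is an added example, not OpenDrives code: it edits that line in the raw text returned by GET /api/v2/sssd/conf and refuses to produce an empty domains line. The helper names (edit_domains, plan_add_domain) and the second domain (corp.example.org, file name corpexampleorg) are hypothetical.

```python
import json
import re

# Body of the [sssd] section: everything up to the next "[section]" header or EOF.
_SSSD_SECTION = re.compile(r"^\[sssd\][ \t]*\n(.*?)(?=^\[|\Z)", re.M | re.S)
_DOMAINS_LINE = re.compile(r"^([ \t]*domains[ \t]*=)[ \t]*(.*)$", re.M)


def edit_domains(raw, add=(), remove=()):
    """Return the global sssd.conf text with domains added to or removed from [sssd]."""
    sec = _SSSD_SECTION.search(raw)
    if sec is None:
        raise ValueError("no [sssd] section in the global configuration")
    start, end = sec.span(1)
    body = raw[start:end]
    m = _DOMAINS_LINE.search(body)
    domains = [d.strip() for d in m.group(2).split(",") if d.strip()] if m else []
    domains = [d for d in domains if d not in remove]
    for d in add:
        if d not in domains:  # idempotent: never list a domain twice
            domains.append(d)
    if not domains:
        # The page warns that sssd.service fails with no value on the domains line.
        raise ValueError("domains line would be empty; sssd.service would fail")
    value = ", ".join(domains)
    if m:
        body = body[:m.start()] + m.group(1) + " " + value + body[m.end():]
    else:  # no domains line yet: add one at the top of the [sssd] section
        body = "\tdomains = " + value + "\n" + body
    return raw[:start] + body + raw[end:]


def plan_add_domain(global_raw, name, domain, conf):
    """Requests, in order, to register a provider: create its file, then update global."""
    return [
        ("POST", "/api/v2/sssd/domain/create",
         json.dumps({"name": name, "domain": domain, "conf": conf})),
        ("POST", "/api/v2/sssd/conf",
         json.dumps({"conf": edit_domains(global_raw, add=[domain])})),
    ]


# Constructed sample: the global file shown in the GET /api/v2/sssd/conf response.
GLOBAL_RAW = ("[sssd]\n\tconfig_file_version = 2\n\tservices = nss, pam\n"
              "\tdomains = example.com\n\n[nss]\n\tfilter_users = root\n"
              "\tfilter_groups = root\n\n")

if __name__ == "__main__":
    for method, url, body in plan_add_domain(
            GLOBAL_RAW, "corpexampleorg", "corp.example.org", {"id_provider": "ldap"}):
        print(method, url, body)
```

For a delete, call edit_domains with remove=[...] before posting the global file; the ValueError is the point at which to stop rather than leave the system on the Local provider unintentionally.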