Esempio n. 1
def configure_sssd(bind_dn, bind_pw):
    """Configure the 'default' SSSD domain as an LDAP id provider over TLS.

    Loads /etc/sssd/sssd.conf, sets the TLS and bind options on the
    'default' domain, activates the domain and writes the file back.

    :param bind_dn: value stored as ldap_default_bind_dn
    :param bind_pw: value stored as ldap_default_authtok
    """
    from SSSDConfig import SSSDConfig

    conf = SSSDConfig()
    conf.import_config('/etc/sssd/sssd.conf')

    default_domain = conf.get_domain('default')
    default_domain.add_provider('ldap', 'id')

    # Ordered pairs so the options are applied in the sequence listed.
    settings = (
        # Per sssd-ldap(5), 'demand' requires a valid server certificate
        # and ends the session otherwise; weaker values would let the bind
        # credentials travel to an unverified server.
        ('ldap_tls_reqcert', 'demand'),
        ('ldap_tls_cacert', '/etc/ssl/certs/ca-bundle.crt'),
        ('ldap_default_bind_dn', bind_dn),
        # NOTE(review): bind_pw ends up in sssd.conf as the bind token, so
        # the file holds a credential; check its owner and mode (root-only)
        # after this runs.
        ('ldap_default_authtok', bind_pw),
        ('enumerate', True),
    )
    for option_name, option_value in settings:
        default_domain.set_option(option_name, option_value)

    # A single CA bundle file is configured above, so the directory-based
    # CA option is dropped.
    default_domain.remove_option('ldap_tls_cacertdir')

    default_domain.set_active(True)

    conf.save_domain(default_domain)
    conf.write()
Esempio n. 2
def configure_sssd(bind_dn, bind_pw):
    """Set up LDAP identity lookups with verified TLS on the 'default' domain.

    The configuration is read from and written back to /etc/sssd/sssd.conf.

    :param bind_dn: DN stored in the ldap_default_bind_dn option
    :param bind_pw: token stored in the ldap_default_authtok option
    """
    from SSSDConfig import SSSDConfig

    config_path = '/etc/sssd/sssd.conf'
    sssd_conf = SSSDConfig()
    sssd_conf.import_config(config_path)

    ldap_domain = sssd_conf.get_domain('default')
    ldap_domain.add_provider('ldap', 'id')

    # TLS: per sssd-ldap(5), 'demand' rejects a server whose certificate
    # cannot be validated against the configured CA bundle.
    tls_options = [
        ('ldap_tls_reqcert', 'demand'),
        ('ldap_tls_cacert', '/etc/ssl/certs/ca-bundle.crt'),
    ]
    # Bind identity.
    # NOTE(review): the bind password is persisted in sssd.conf, so the
    # file's ownership and mode are part of protecting this credential.
    bind_options = [
        ('ldap_default_bind_dn', bind_dn),
        ('ldap_default_authtok', bind_pw),
    ]
    lookup_options = [('enumerate', True)]

    for key, val in tls_options + bind_options + lookup_options:
        ldap_domain.set_option(key, val)
    ldap_domain.remove_option('ldap_tls_cacertdir')

    ldap_domain.set_active(True)

    sssd_conf.save_domain(ldap_domain)
    sssd_conf.write()
Esempio n. 3
def modify_sssd_conf(host,
                     domain,
                     mod_dict,
                     provider='ipa',
                     provider_subtype=None):
    """
    Rewrite options of one domain section in the host's sssd.conf.

    The remote file is fetched into a local temporary file, edited through
    SSSDConfig, and the dumped result is pushed back to the host.

    :param host: multihost.Host object
    :param domain: name of the domain section to modify
    :param mod_dict: dictionary of options, each passed to
        SSSDDomain.set_option(). To remove an option specify its value as
        None
    :param provider: provider backend to set. Defaults to ipa; it is only
        applied when provider_subtype is given
    :param provider_subtype: backend subtype (e.g. id or sudo), will be added
        to the domain config if not present
    """
    # The scratch file receives a full copy of sssd.conf, which may carry
    # credentials; mkstemp() creates it private to the current user and the
    # finally clause below removes it.
    handle, scratch_path = tempfile.mkstemp()
    os.close(handle)
    try:
        remote_bytes = host.transport.get_file_contents(paths.SSSD_CONF)

        with open(scratch_path, 'wb') as scratch:
            scratch.write(remote_bytes)

        config = SSSDConfig()
        config.import_config(scratch_path)
        section = config.get_domain(domain)

        if provider_subtype is not None:
            section.add_provider(provider, provider_subtype)

        for option, value in mod_dict.items():
            section.set_option(option, value)

        config.save_domain(section)

        rendered = config.dump(config.opts)
        # NOTE(review): the mode and owner of the remote file after this
        # call depend on put_file_contents(), which is not shown; confirm.
        host.transport.put_file_contents(paths.SSSD_CONF,
                                         rendered.encode('utf-8'))
    finally:
        # Best-effort cleanup: a failed removal must not mask an earlier error.
        try:
            os.remove(scratch_path)
        except OSError:
            pass
Esempio n. 4
def modify_sssd_conf(host, domain, mod_dict, provider='ipa',
                     provider_subtype=None):
    """
    Apply option changes to a single domain section of the host's sssd.conf.

    :param host: multihost.Host object
    :param domain: domain section name to modify
    :param mod_dict: dictionary of options which will be passed to
        SSSDDomain.set_option(). To remove an option specify its value as
        None
    :param provider: provider backend to set (used together with
        provider_subtype). Defaults to ipa
    :param provider_subtype: backend subtype (e.g. id or sudo), will be added
        to the domain config if not present
    """
    tmp_fd, tmp_path = tempfile.mkstemp()
    os.close(tmp_fd)
    try:
        # Work on a local copy; SSSDConfig.import_config() takes a file path.
        # The copy can contain secrets from sssd.conf and is deleted below.
        fetched = host.transport.get_file_contents(paths.SSSD_CONF)
        with open(tmp_path, 'wb') as tmp_file:
            tmp_file.write(fetched)

        parsed = SSSDConfig()
        parsed.import_config(tmp_path)
        target = parsed.get_domain(domain)

        if provider_subtype is not None:
            target.add_provider(provider, provider_subtype)

        for name, new_value in mod_dict.items():
            target.set_option(name, new_value)

        parsed.save_domain(target)

        updated = parsed.dump(parsed.opts).encode('utf-8')
        host.transport.put_file_contents(paths.SSSD_CONF, updated)
    finally:
        # Removal is best effort, so an OSError here is deliberately ignored.
        try:
            os.remove(tmp_path)
        except OSError:
            pass
 def __init__(self, config_file=_CONFIG_SSSD_CONF_FILE):
     """Create an SSSDConfig object and load config_file into it.

     :param config_file: path handed to SSSDConfig.import_config(); the
         default, _CONFIG_SSSD_CONF_FILE, is defined outside this excerpt
     """
     self._sssdconfig = SSSDConfig()
     self._sssdconfig.import_config(config_file)
Esempio n. 6
 def __init__(self):
     """Initialise the instance by calling SSSDConfig.__init__ with no arguments."""
     # NOTE(review): the enclosing class is not shown here; presumably it
     # subclasses SSSDConfig -- confirm.
     SSSDConfig.__init__(self)
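class SSSD(object):
    """Inspect and adjust an sssd.conf file through SSSDConfig.

    Progress messages use the print() call form with a single argument,
    which gives the same output on Python 2 and is valid syntax on
    Python 3 (the former print statements were a SyntaxError there).
    """

    def __init__(self, config_file=_CONFIG_SSSD_CONF_FILE):
        """Load config_file into a fresh SSSDConfig object.

        :param config_file: path passed to SSSDConfig.import_config()
        """
        self._sssdconfig = SSSDConfig()
        self._sssdconfig.import_config(config_file)

    def _get_service_objects(self):
        """Return the service object for every name in list_services()."""
        config = self._sssdconfig
        return [config.get_service(name) for name in config.list_services()]

    def _get_domain_objects(self):
        """Return the domain object for every name in list_domains()."""
        config = self._sssdconfig
        return [config.get_domain(name) for name in config.list_domains()]

    @staticmethod
    def _keeps_current_level(section, debug_level, leave_higher):
        """Tell whether section already logs at debug_level or above and
        must be left alone because leave_higher is set."""
        options = section.options
        return (leave_higher
                and 'debug_level' in options
                and options['debug_level'] >= debug_level)

    def _debug_all_services(self, debug_level, leave_higher=True):
        """Set debug_level on every service and save each changed one.

        :param debug_level: level written to the 'debug_level' option
        :param leave_higher: when true, skip services whose current level
            is already greater than or equal to debug_level
        """
        for srv in self._get_service_objects():
            if self._keeps_current_level(srv, debug_level, leave_higher):
                continue
            srv.set_option('debug_level', debug_level)
            self._sssdconfig.save_service(srv)

    def _debug_all_domains(self, debug_level, leave_higher=True):
        """Set debug_level on every domain and save each changed one.

        :param debug_level: level written to the 'debug_level' option
        :param leave_higher: when true, skip domains whose current level
            is already greater than or equal to debug_level
        """
        for dom in self._get_domain_objects():
            if self._keeps_current_level(dom, debug_level, leave_higher):
                continue
            dom.set_option('debug_level', debug_level)
            self._sssdconfig.save_domain(dom)

    def _write(self):
        """Write the in-memory configuration out through SSSDConfig.write()."""
        self._sssdconfig.write()

    def _restart(self):
        """Run 'systemctl condrestart sssd'.

        :raises ExternalCommandError: when the command exits non-zero
        """
        print('Condrestarting SSSD')
        # The command is a fixed argument list, so no shell parsing of the
        # arguments is involved (call is presumably subprocess.call).
        if call(['systemctl', 'condrestart', 'sssd']) != 0:
            raise ExternalCommandError('Failed to condrestart SSSD')

    def get_domains(self):
        """Print and return the configured domain names."""
        domains = self._sssdconfig.list_domains()
        print('SSSD domains: ' + ', '.join(domains))
        return domains

    def get_realms(self):
        """Print and return one upper-cased realm name per domain.

        The 'ipa_domain' option is used when a domain has it, otherwise
        the domain's own name.
        """
        realms = [
            (dom.options['ipa_domain'] if 'ipa_domain' in dom.options
             else dom.name).upper()
            for dom in self._get_domain_objects()
        ]
        print('Realms: ' + ', '.join(realms))
        return realms

    def is_server(self):
        """Return True when any domain has a truthy 'ipa_server_mode'."""
        for dom in self._get_domain_objects():
            if 'ipa_server_mode' in dom.options \
                    and dom.options['ipa_server_mode']:
                print('SSSD is running in server mode')
                return True
        print('SSSD is running in client mode')
        return False

    def enable_debug(self, debug_level=2, leave_higher=True):
        """Raise the debug level everywhere, write the file, restart SSSD.

        :param debug_level: level applied to all services and domains
        :param leave_higher: keep sections that already log at this level
            or above
        """
        # NOTE(review): more verbose SSSD logs may record more detail about
        # users and authentication; check log file permissions and lower
        # the level again once troubleshooting is done.
        print('Setting SSSD debug level to ' + str(debug_level))
        self._debug_all_services(debug_level, leave_higher)
        self._debug_all_domains(debug_level, leave_higher)
        self._write()
        self._restart()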
Esempio n. 8
#!/usr/bin/python
# Author: Shridhar Gadekar
# Date: 11th August 2016
# Purpose: This script modifies the 'user' option in the [sssd] section of sssd.conf, setting it to a non-root user such as the system user 'sssd'.
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.


from SSSDConfig import SSSDConfig

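# Load the system SSSD configuration into memory.
sssdconfig = SSSDConfig()
sssdconfig.import_config('/etc/sssd/sssd.conf')

# Fetch the [sssd] service section from the loaded configuration object.
# (The earlier 'sssd.config' referred to a name that is never defined.)
sssd_option = sssdconfig.get_service('sssd')
# Run SSSD as the unprivileged 'sssd' account instead of root.
sssd_option.set_option('user', 'sssd')
# save_service() belongs to the SSSDConfig object and takes the modified
# service object, not a string.
sssdconfig.save_service(sssd_option)

# Persist the change to /etc/sssd/sssd.conf.
sssdconfig.write()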
#!/usr/bin/python
# This piece of code is from the SSSD documentation; I've modified it for testing purposes.

from SSSDConfig import SSSDConfig

# Load the system SSSD configuration into memory.
sssdconfig = SSSDConfig()
sssdconfig.import_config('/etc/sssd/sssd.conf')

# Turn off the 'enumerate' option for the 'ipa.test' domain and store the
# modified domain object back into the in-memory configuration.
ldap_domain = sssdconfig.get_domain('ipa.test')
ldap_domain.set_option('enumerate', False)
sssdconfig.save_domain(ldap_domain)
# NOTE(review): no sssdconfig.write() follows in this excerpt, so the change
# is not written back to /etc/sssd/sssd.conf here -- confirm this is intended.
Esempio n. 10
 def __init__(self, config_file=_CONFIG_SSSD_CONF_FILE):
     """Build the wrapped SSSDConfig object and import config_file.

     :param config_file: path given to SSSDConfig.import_config(); its
         default constant is defined outside this excerpt
     """
     self._sssdconfig = SSSDConfig()
     self._sssdconfig.import_config(config_file)
Esempio n. 11
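class SSSD(object):
    """Helper for reading and changing sssd.conf via SSSDConfig.

    Messages are emitted with print() called on one string argument: the
    output is unchanged on Python 2 and the class also parses on Python 3,
    where the print statement form is a SyntaxError.
    """

    def __init__(self, config_file=_CONFIG_SSSD_CONF_FILE):
        """Import config_file into a new SSSDConfig object.

        :param config_file: path passed to SSSDConfig.import_config()
        """
        self._sssdconfig = SSSDConfig()
        self._sssdconfig.import_config(config_file)

    def _get_service_objects(self):
        """Return a list with the service object of every listed service."""
        services = []
        for service_name in self._sssdconfig.list_services():
            services.append(self._sssdconfig.get_service(service_name))
        return services

    def _get_domain_objects(self):
        """Return a list with the domain object of every listed domain."""
        domains = []
        for domain_name in self._sssdconfig.list_domains():
            domains.append(self._sssdconfig.get_domain(domain_name))
        return domains

    def _debug_all_services(self, debug_level, leave_higher=True):
        """Write debug_level into each service section and save it.

        :param debug_level: value for the 'debug_level' option
        :param leave_higher: skip services already at debug_level or above
        """
        for srv in self._get_service_objects():
            already_verbose = ('debug_level' in srv.options
                               and srv.options['debug_level'] >= debug_level)
            if leave_higher and already_verbose:
                continue
            srv.set_option('debug_level', debug_level)
            self._sssdconfig.save_service(srv)

    def _debug_all_domains(self, debug_level, leave_higher=True):
        """Write debug_level into each domain section and save it.

        :param debug_level: value for the 'debug_level' option
        :param leave_higher: skip domains already at debug_level or above
        """
        for dom in self._get_domain_objects():
            already_verbose = ('debug_level' in dom.options
                               and dom.options['debug_level'] >= debug_level)
            if leave_higher and already_verbose:
                continue
            dom.set_option('debug_level', debug_level)
            self._sssdconfig.save_domain(dom)

    def _write(self):
        """Persist the configuration with SSSDConfig.write()."""
        self._sssdconfig.write()

    def _restart(self):
        """Conditionally restart the sssd unit through systemctl.

        :raises ExternalCommandError: if systemctl returns non-zero
        """
        print('Condrestarting SSSD')
        # Fixed argv list: nothing here is interpolated into a shell string.
        exit_status = call(['systemctl', 'condrestart', 'sssd'])
        if exit_status != 0:
            raise ExternalCommandError('Failed to condrestart SSSD')

    def get_domains(self):
        """Print the configured domain names and return them."""
        domains = self._sssdconfig.list_domains()
        print('SSSD domains: ' + ', '.join(domains))
        return domains

    def get_realms(self):
        """Print and return the upper-cased realm of every domain.

        A domain's 'ipa_domain' option wins over its section name.
        """
        realms = []
        for dom in self._get_domain_objects():
            if 'ipa_domain' in dom.options:
                realm_source = dom.options['ipa_domain']
            else:
                realm_source = dom.name
            realms.append(realm_source.upper())
        print('Realms: ' + ', '.join(realms))
        return realms

    def is_server(self):
        """Return True if some domain sets a truthy 'ipa_server_mode'."""
        for dom in self._get_domain_objects():
            if 'ipa_server_mode' not in dom.options:
                continue
            if dom.options['ipa_server_mode']:
                print('SSSD is running in server mode')
                return True
        print('SSSD is running in client mode')
        return False

    def enable_debug(self, debug_level=2, leave_higher=True):
        """Set the debug level on all sections, save, and restart SSSD.

        :param debug_level: level to apply
        :param leave_higher: do not lower sections that are already at
            this level or above
        """
        # NOTE(review): verbose SSSD logs can expose more about users and
        # authentication attempts; restrict access to the log directory
        # and revert the level when debugging ends.
        print('Setting SSSD debug level to ' + str(debug_level))
        self._debug_all_services(debug_level, leave_higher)
        self._debug_all_domains(debug_level, leave_higher)
        self._write()
        self._restart()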