  • INQUIRY Any method to list all current values of SSSD configs (SSSD config dump)

    Hi esteemed colleagues,

    For a long time I have been trying to figure out the way to get the SSSD config dump from a running instance. In other words, how to list all values for 275 SSSD options on RHEL 8, for example.

    We all use just a small subset of SSSD options in the configs and rely on all others to use default values. But, when one has so many options (I counted 275 of them for RHEL 8 today), who has the time to read all manual pages to figure them out!?

    I know of three methods to find the values in SSSD config that were directly set up (without using the manual pages):

    1) ldbsearch from package ldb-tools:

    sudo /usr/bin/ldbsearch -H /var/lib/sss/db/config.ldb
    

    2) Increase the debug_level of a domain to 0x0400 - it will show the backend configuration options.

    3) Python 3 script which relies on package python3-sssdconfig. Here is a snippet from my script:

    #!/usr/bin/python3
    
    import sys
    
    import SSSDConfig
    
    # Create an instance of SSSDConfig
    sssdConfig = SSSDConfig.SSSDConfig()
    
    # Import the SSSD configuration from /etc/sssd/sssd.conf.
    # import_config() opens the file itself, so a missing or unreadable
    # file surfaces as OSError (FileNotFoundError, PermissionError).
    #
    try:
        sssdConfig.import_config('/etc/sssd/sssd.conf')
    except OSError as e:
        print(f"Error: {e}")
        print("Please ensure 'sssd.conf' exists and is accessible.")
        sys.exit(1)
    
    # List active domains configured in SSSD
    #
    active_domain = sssdConfig.list_active_domains()
    
    # Print the list of active domains
    #
    print(f"Active SSSD domains: {active_domain}")
    if not active_domain:
        sys.exit("No active domains found in SSSD config")
    
    # Access the [sssd] section
    #
    sssd_active = sssdConfig.list_active_services()
    print(f"Active services: {sssd_active}")
    sssd_inactive = sssdConfig.list_inactive_services()
    print(f"Inactive services: {sssd_inactive}")
    
    # Define your domain or find it via API
    #
    #domain_name = 'mydomain.dom'
    #dom = sssdConfig.get_domain(domain_name)
    dom = sssdConfig.get_domain(active_domain[0])
    
    # list_options() names the options available for this domain;
    # get_option() raises NoOptionError for any that sssd.conf does not set.
    #
    for opt in dom.list_options():
        try:
            value = dom.get_option(opt)
            print(f"Option {opt} defined in SSSD config as {value}")
        except SSSDConfig.NoOptionError as e:
            print(f"Error: Option {e} not defined in SSSD config")
    

    When one runs my Python script, it provides results like these:

    Active SSSD domains: ['mydomain.dom']
    Active services: ['nss']
    Inactive services: ['sssd']
    Option id_provider defined in SSSD config as ad
    Option auth_provider defined in SSSD config as ad
    Option access_provider defined in SSSD config as ad
    Option chpass_provider defined in SSSD config as ad
    Option sudo_provider defined in SSSD config as ad
    Option autofs_provider defined in SSSD config as ad
    Error: Option hostid_provider not defined in SSSD config
    Option subdomains_provider defined in SSSD config as ad
    Error: Option selinux_provider not defined in SSSD config
    Error: Option session_provider not defined in SSSD config
    Option resolver_provider defined in SSSD config as ad
    Error: Option enabled not defined in SSSD config
    Error: Option description not defined in SSSD config
    Error: Option domain_type not defined in SSSD config
    Error: Option debug not defined in SSSD config
    Error: Option debug_level not defined in SSSD config
    Error: Option debug_timestamps not defined in SSSD config
    Error: Option command not defined in SSSD config
    Error: Option min_id not defined in SSSD config
    Error: Option max_id not defined in SSSD config
    Error: Option timeout not defined in SSSD config
    Error: Option enumerate not defined in SSSD config
    Error: Option subdomain_enumerate not defined in SSSD config
    Error: Option offline_timeout not defined in SSSD config
    Error: Option offline_timeout_max not defined in SSSD config
    Error: Option offline_timeout_random_offset not defined in SSSD config
    Option cache_credentials defined in SSSD config as False
    Error: Option cache_credentials_minimal_first_factor_length not defined in SSSD config
    Option use_fully_qualified_names defined in SSSD config as False
    Error: Option ignore_group_members not defined in SSSD config
    Error: Option entry_cache_timeout not defined in SSSD config
    Error: Option lookup_family_order not defined in SSSD config
    ... and many more lines...

    So, my question. Did anyone figure out how to collect all current SSSD options (something like showing running config)?

    The way I see it, it would be best to do it via sssctl. Something like:

    sssctl show-running-config

    Regards,

    Dusan Baljevic (amateur radio VK2COT)
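
Method 1 in the post prints the stored configuration as LDIF. The following added example (not part of the original post) parses that output into one dictionary per section, handling comment lines, folded lines and base64-encoded values; the sample LDIF, its DNs and the name `parse_ldif` are constructed for illustration. Like the three methods in the post, it only sees options that were set explicitly, not defaults.

```python
import base64

# Constructed sample in the LDIF shape that ldbsearch prints. The DNs and
# values are illustrative assumptions, not output captured from a real host.
SAMPLE_LDIF = """\
# record 1
dn: cn=sssd,cn=config
services: nss, pam
domains: mydomain.dom

dn: cn=mydomain.dom,cn=domain,cn=config
cn: mydomain.dom
id_provider: ad
cache_credentials: False
ad_gpo_map_remote_interactive: +xrdp-sesman,
 +cockpit
description:: VGVzdCBkb21haW4=

# returned 2 records
"""

BOOKKEEPING = {"dn", "cn", "distinguishedName"}  # LDB metadata, not options

def parse_ldif(text):
    """Return {dn: {attribute: value}} for every record in LDIF text."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]      # folded line: drop the one leading space
        elif not raw.startswith("#"):
            lines.append(raw)         # keep blanks, they separate records
    records, current = {}, None
    for line in lines:
        attr, sep, value = line.partition(":")
        if not sep:
            current = None            # blank or malformed line ends the record
            continue
        if value.startswith(":"):     # "attr:: <base64>" for non-printable data
            value = base64.b64decode(value[1:]).decode("utf-8", "replace")
        value = value.strip()
        if attr == "dn":
            current = records.setdefault(value, {})
        elif current is not None and attr not in BOOKKEEPING:
            current[attr] = value
    return records


if __name__ == "__main__":
    print(parse_ldif(SAMPLE_LDIF))
```

On a real host the input would be the text printed by the `ldbsearch` command from method 1, passed to `parse_ldif()` in place of the sample.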
