We're developing a Java application, which should authenticate users against 
both LDAP and custom formatted files containing user information. Both 
username/password and certificate authentication are planned to be supported. 
Our application should run mainly on RHEL. We were estimating the possibility 
to use SSSD for this purpose. After some investigation it seems that SSSD can 
be called from Java code only via D-Bus. It also seems that it can be used 
mainly for fetching user information, but not for authentication.

E.g. for fetching a user by uid:

    dbus-send --print-reply --system --dest=org.freedesktop.sssd.infopipe \
        /org/freedesktop/sssd/infopipe/Users \
        org.freedesktop.sssd.infopipe.Users.FindByName string:<UID>

For retrieving user groups:

    dbus-send --print-reply --system --dest=org.freedesktop.sssd.infopipe \
        /org/freedesktop/sssd/infopipe/Users/<DOMAIN>/<UID> \
        org.freedesktop.DBus.Properties.Get \
        string:org.freedesktop.sssd.infopipe.Users.User string:groups

For retrieving some extra attributes (after adding them to sssd.conf):

    dbus-send --print-reply --system --dest=org.freedesktop.sssd.infopipe \
        /org/freedesktop/sssd/infopipe/Users/<DOMAIN>/<UID> \
        org.freedesktop.DBus.Properties.Get \
        string:org.freedesktop.sssd.infopipe.Users.User string:"extraAttributes"

The method FindByNameAndCertificate looks somewhat promising:

    dbus-send --print-reply --system --dest=org.freedesktop.sssd.infopipe \
        /org/freedesktop/sssd/infopipe/Users \
        org.freedesktop.sssd.infopipe.Users.FindByNameAndCertificate string:<UID> \
        string:<PEM_CERT>

But as far as I understand, FindByNameAndCertificate just compares the string 
representation of a PEM certificate and is far from client certificate 
authentication.

Do I understand correctly that at the moment there is no possibility to 
perform user authentication via the D-Bus API through SSSD in LDAP? Or am I missing 
something?
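
The distinction drawn in the question, between looking a user up by a presented certificate and authenticating the holder of that certificate, is shown below as an added example that is not part of the original post and does not call SSSD or D-Bus. It assumes a bare RSA public key in place of an X.509 certificate and an in-memory map in place of the directory; all names are hypothetical.

```java
import java.security.*;
import java.util.*;

// Added illustration: a bare RSA public key stands in for the user's X.509
// certificate, and an in-memory map stands in for the directory (assumptions).
public class CertLookupVsAuth {
    static final Map<String, PublicKey> directory = new HashMap<>();

    // Lookup only: does the presented public value match the stored entry?
    static boolean lookupMatches(String user, PublicKey presented) {
        PublicKey stored = directory.get(user);
        return stored != null && Arrays.equals(stored.getEncoded(), presented.getEncoded());
    }

    // Authentication: the client must also sign a fresh server nonce with the
    // private key that belongs to the stored public key.
    static boolean authenticate(String user, PublicKey presented, byte[] nonce, byte[] sig)
            throws GeneralSecurityException {
        if (!lookupMatches(user, presented)) return false;
        Signature v = Signature.getInstance("SHA256withRSA");
        v.initVerify(directory.get(user));
        v.update(nonce);
        return v.verify(sig);
    }

    static byte[] sign(PrivateKey key, byte[] nonce) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(nonce);
        return s.sign();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair alice = gen.generateKeyPair(); // constructed sample user
        KeyPair other = gen.generateKeyPair(); // party holding only a copy of alice's public value
        directory.put("alice", alice.getPublic());

        byte[] nonce = new byte[32];
        new SecureRandom().nextBytes(nonce);

        System.out.println("lookup with copied public value: "
                + lookupMatches("alice", alice.getPublic()));
        System.out.println("auth, signature from alice's key: "
                + authenticate("alice", alice.getPublic(), nonce, sign(alice.getPrivate(), nonce)));
        System.out.println("auth, signature from another key: "
                + authenticate("alice", alice.getPublic(), nonce, sign(other.getPrivate(), nonce)));
    }
}
```

The lookup succeeds for anyone who holds a copy of the public value, while the signature check succeeds only for the holder of the matching private key.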