#4146 RFE: Please consider supporting the systemd userdb varlink API for querying user/group records and membership
Closed: cloned-to-github 3 years ago by pbrezina. Opened 4 years ago by lennart.

The upcoming systemd version adds support for a concept called "userdb" which allows plugging in additional user/group database subsystems that provide rich user definitions in JSON objects. It's intended to be sufficiently simple and extensible for sssd/ldap to support.

Hookup is easy, and by doing this SSSD can supply systemd with various bits of per-user metadata information it will then use, in particular for configuring resource management (cgroups, …), security attributes and other runtime parameters. This for the first time would allow a provider like sssd to do per user resource management, enforced by systemd from its LDAP backend or so.

Documentation for the user/group records is here:


The API sssd would need to implement is this:


This is all petty new stuff and just got merged in systemd upstream. We hope to release this shortly in a new systemd version, and then introduce this to Fedora shortly after.

(I discussed this over the past months to three folks from (or close to) the sssd/ldap/samba community about this, including Alexander Bokovoy, Simo Sorce, Günther Deschner. Alexander suggested I should post an issue here about this, hence that's what I am doing. Alexander also indicated he'd like to see at least two more features added to the varlink API to make this really useful for sssd [which is username prefix searches + existence checks], but I guess that shouldn't stop us from starting the discussion here.)

Metadata Update from @thalman:
- Issue tagged with: Future milestone

4 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/5104

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @pbrezina:
- Issue close_status updated to: cloned-to-github
- Issue status updated to: Closed (was: Open)

3 years ago

Login to comment on this ticket.