%if 0%{?rhel} && 0%{?rhel} <= 6
%{!?python2_sitelib: %global python2_sitelib %(%{__python2} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib())")}
%{!?python2_sitearch: %global python2_sitearch %(%{__python2} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib(1))")}
# we don't want to provide private python extension libs
%define __provides_exclude_from %{python2_sitearch}/.*\.so$
%define __provides_exclude_from %{python3_sitearch}/.*\.so$
%if (0%{?fedora} || 0%{?rhel} >= 7)
%if (0%{?use_systemd} == 1)
%global with_initscript --with-initscript=systemd --with-systemdunitdir=%{_unitdir}
%global with_syslog --with-syslog=journald
%global with_initscript --with-initscript=sysv
%global enable_experimental 1
%if (0%{?enable_experimental} == 1)
%global experimental --enable-all-experimental-features
# Determine the location of the LDB modules directory
%global ldb_modulesdir %(pkg-config --variable=modulesdir ldb)
%if (0%{?fedora} || 0%{?rhel} >= 7)
%define _hardened_build 1
%if (0%{?fedora} || 0%{?rhel} >= 7)
%global with_cifs_utils_plugin 1
%global with_cifs_utils_plugin_option --disable-cifs-idmap-plugin
%if (0%{?fedora} >= 21 || (0%{?rhel} == 7 && 0%{?rhel7_minor} >= 1))
%global with_krb5_localauth_plugin 1
%global with_python3_option --without-python3-bindings
Version: @PACKAGE_VERSION@
Release: 0@PRERELEASE_VERSION@%{?dist}
Summary: System Security Services Daemon
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
Requires: sssd-common = %{version}-%{release}
Requires: sssd-ldap = %{version}-%{release}
Requires: sssd-krb5 = %{version}-%{release}
Requires: sssd-ipa = %{version}-%{release}
Requires: sssd-common-pac = %{version}-%{release}
Requires: sssd-ad = %{version}-%{release}
Requires: sssd-proxy = %{version}-%{release}
%if (0%{?with_python3} == 1)
Requires: python3-sssdconfig = %{version}-%{release}
Requires: python-sssdconfig = %{version}-%{release}
%global sssdstatedir %{_localstatedir}/lib/sss
%global dbpath %{sssdstatedir}/db
%global pipepath %{sssdstatedir}/pipes
%global mcpath %{sssdstatedir}/mc
%global pubconfpath %{sssdstatedir}/pubconf
%global gpocachepath %{sssdstatedir}/gpo_cache
### Build Dependencies ###
BuildRequires: popt-devel
BuildRequires: libtalloc-devel
BuildRequires: libtevent-devel
BuildRequires: libtdb-devel
BuildRequires: libldb-devel
BuildRequires: libdhash-devel >= 0.4.2
BuildRequires: libcollection-devel
BuildRequires: libini_config-devel >= 1.1
BuildRequires: dbus-devel
BuildRequires: openldap-devel
BuildRequires: nspr-devel
BuildRequires: pcre-devel
BuildRequires: docbook-style-xsl
%if (0%{?with_krb5_localauth_plugin} == 1)
BuildRequires: krb5-devel >= 1.12
BuildRequires: krb5-devel
BuildRequires: c-ares-devel
BuildRequires: python-devel
%if (0%{?with_python3} == 1)
BuildRequires: python3-devel
BuildRequires: check-devel
BuildRequires: libselinux-devel
BuildRequires: libsemanage-devel
BuildRequires: bind-utils
BuildRequires: keyutils-libs-devel
BuildRequires: gettext-devel
BuildRequires: glib2-devel
BuildRequires: selinux-policy-targeted
BuildRequires: libcmocka-devel >= 1.0.0
BuildRequires: uid_wrapper
BuildRequires: nss_wrapper
BuildRequires: libnl3-devel
%if (0%{?use_systemd} == 1)
BuildRequires: systemd-devel
%if (0%{?with_cifs_utils_plugin} == 1)
BuildRequires: cifs-utils-devel
%if (0%{?fedora} || (0%{?rhel} >= 7))
BuildRequires: libnfsidmap-devel
BuildRequires: nfs-utils-lib-devel
BuildRequires: samba4-devel
BuildRequires: libsmbclient-devel
Provides a set of daemons to manage access to remote directories and
authentication mechanisms. It provides an NSS and PAM interface toward
the system and a pluggable backend system to connect to multiple different
account sources. It is also the basis to provide client auditing and policy
services for projects like FreeIPA.
The sssd subpackage is a meta-package that contains the daemon as well as all
Summary: Common files for the SSSD
Requires: libldb >= 0.9.3
Requires: libtdb >= 1.1.3
Requires: sssd-client%{?_isa} = %{version}-%{release}
Requires: libsss_idmap = %{version}-%{release}
Conflicts: sssd < %{version}-%{release}
%if (0%{?use_systemd} == 1)
Requires(post): systemd-units systemd-sysv
Requires(preun): systemd-units
Requires(postun): systemd-units
Requires(post): initscripts chkconfig
Requires(preun): initscripts chkconfig
Requires(postun): initscripts chkconfig
Provides: libsss_sudo = %{version}-%{release}
Obsoletes: libsss_sudo <= 1.9.93
Provides: libsss_sudo-devel = %{version}-%{release}
Obsoletes: libsss_sudo-devel <= 1.9.93
Provides: libsss_autofs = %{version}-%{release}
Obsoletes: libsss_autofs <= 1.9.93
Common files for the SSSD. The common package includes all the files needed
to run a particular back end, however, the back ends are packaged in separate
subpackages such as sssd-ldap.
Summary: SSSD Client libraries for NSS and PAM
Provides the libraries needed by the PAM and NSS stacks to connect to the SSSD
Summary: Userspace tools for use with the SSSD
Requires: sssd-common = %{version}-%{release}
# required by sss_obfuscate
%if (0%{?with_python3} == 1)
Requires: python3-sss = %{version}-%{release}
Requires: python3-sssdconfig = %{version}-%{release}
Requires: python-sss = %{version}-%{release}
Requires: python-sssdconfig = %{version}-%{release}
Provides userspace tools for manipulating users, groups, and nested groups in
Also provides several other administrative tools:
* sss_debuglevel to change the debug level on the fly
* sss_seed which pre-creates a user entry for use in kickstarts
* sss_obfuscate for generating an obfuscated LDAP password
%package -n python-sssdconfig
Summary: SSSD and IPA configuration file manipulation classes and functions
%description -n python-sssdconfig
Provides python2 files for manipulating SSSD and IPA configuration files.
%if (0%{?with_python3} == 1)
%package -n python3-sssdconfig
Summary: SSSD and IPA configuration file manipulation classes and functions
%description -n python3-sssdconfig
Provides python3 files for manipulating SSSD and IPA configuration files.
Summary: Python2 bindings for sssd
Requires: sssd-common = %{version}-%{release}
%description -n python-sss
Provides python2 module for manipulating users, groups, and nested groups in
Also provides several other useful python2 bindings:
* function for retrieving list of groups user belongs to.
* class for obfuscation of passwords
%if (0%{?with_python3} == 1)
Summary: Python3 bindings for sssd
Requires: sssd-common = %{version}-%{release}
%description -n python3-sss
Provides python3 module for manipulating users, groups, and nested groups in
Also provides several other useful python3 bindings:
* function for retrieving list of groups user belongs to.
* class for obfuscation of passwords
%package -n python-sss-murmur
Summary: Python2 bindings for murmur hash function
%description -n python-sss-murmur
Provides python2 module for calculating the murmur hash version 3
%if (0%{?with_python3} == 1)
%package -n python3-sss-murmur
Summary: Python3 bindings for murmur hash function
%description -n python3-sss-murmur
Provides python3 module for calculating the murmur hash version 3
Summary: The LDAP back end of the SSSD
Conflicts: sssd < %{version}-%{release}
Requires: sssd-common = %{version}-%{release}
Requires: sssd-krb5-common = %{version}-%{release}
Provides the LDAP back end that the SSSD can utilize to fetch identity data
from and authenticate against an LDAP server.
Summary: SSSD helpers needed for Kerberos and GSSAPI authentication
Conflicts: sssd < %{version}-%{release}
Requires: cyrus-sasl-gssapi
Requires: sssd-common = %{version}-%{release}
Provides helper processes that the LDAP and Kerberos back ends can use for
Kerberos user or host authentication.
Summary: The Kerberos authentication back end for the SSSD
Conflicts: sssd < %{version}-%{release}
Requires: sssd-common = %{version}-%{release}
Requires: sssd-krb5-common = %{version}-%{release}
Provides the Kerberos back end that the SSSD can utilize to authenticate
against a Kerberos server.
Summary: Common files needed for supporting PAC processing
Requires: sssd-common = %{version}-%{release}
Provides common files needed by SSSD providers such as IPA and Active Directory
for handling Kerberos PACs.
Summary: The IPA back end of the SSSD
Conflicts: sssd < %{version}-%{release}
Requires: sssd-common = %{version}-%{release}
Requires: sssd-krb5-common = %{version}-%{release}
Requires: libipa_hbac = %{version}-%{release}
Requires: sssd-common-pac = %{version}-%{release}
Provides the IPA back end that the SSSD can utilize to fetch identity data
from and authenticate against an IPA server.
Summary: The AD back end of the SSSD
Conflicts: sssd < %{version}-%{release}
Requires: sssd-common = %{version}-%{release}
Requires: sssd-krb5-common = %{version}-%{release}
Requires: sssd-common-pac = %{version}-%{release}
Provides the Active Directory back end that the SSSD can utilize to fetch
identity data from and authenticate against an Active Directory server.
Summary: The proxy back end of the SSSD
Conflicts: sssd < %{version}-%{release}
Requires: sssd-common = %{version}-%{release}
Provides the proxy back end which can be used to wrap existing NSS
and/or PAM modules to leverage SSSD caching.
Summary: FreeIPA Idmap library
%description -n libsss_idmap
Utility library to convert SIDs to Unix uids and gids
%package -n libsss_idmap-devel
Summary: FreeIPA Idmap library
Requires: libsss_idmap = %{version}-%{release}
%description -n libsss_idmap-devel
Utility library to convert SIDs to Unix uids and gids
Summary: FreeIPA HBAC Evaluator library
%description -n libipa_hbac
Utility library to validate FreeIPA HBAC rules for authorization requests
%package -n libipa_hbac-devel
Summary: FreeIPA HBAC Evaluator library
Requires: libipa_hbac = %{version}-%{release}
%description -n libipa_hbac-devel
Utility library to validate FreeIPA HBAC rules for authorization requests
%package -n python-libipa_hbac
Summary: Python2 bindings for the FreeIPA HBAC Evaluator library
Requires: libipa_hbac = %{version}-%{release}
Provides: libipa_hbac-python = %{version}-%{release}
Obsoletes: libipa_hbac-python < 1.12.90
%description -n python-libipa_hbac
The python-libipa_hbac contains the bindings so that libipa_hbac can be
used by Python applications.
%if (0%{?with_python3} == 1)
%package -n python3-libipa_hbac
Summary: Python3 bindings for the FreeIPA HBAC Evaluator library
Requires: libipa_hbac = %{version}-%{release}
%description -n python3-libipa_hbac
The python3-libipa_hbac contains the bindings so that libipa_hbac can be
used by Python applications.
%package -n libsss_nss_idmap
Summary: Library for SID based lookups
%description -n libsss_nss_idmap
Utility library for SID based lookups
%package -n libsss_nss_idmap-devel
Summary: Library for SID based lookups
Requires: libsss_nss_idmap = %{version}-%{release}
%description -n libsss_nss_idmap-devel
Utility library for SID based lookups
%package -n python-libsss_nss_idmap
Summary: Python2 bindings for libsss_nss_idmap
Requires: libsss_nss_idmap = %{version}-%{release}
Provides: libsss_nss_idmap-python = %{version}-%{release}
Obsoletes: libsss_nss_idmap-python < 1.12.90
%description -n python-libsss_nss_idmap
The python-libsss_nss_idmap contains the bindings so that libsss_nss_idmap can
be used by Python applications.
%if (0%{?with_python3} == 1)
%package -n python3-libsss_nss_idmap
Summary: Python3 bindings for libsss_nss_idmap
Requires: libsss_nss_idmap = %{version}-%{release}
%description -n python3-libsss_nss_idmap
The python3-libsss_nss_idmap contains the bindings so that libsss_nss_idmap can
be used by Python applications.
Summary: The D-Bus responder of the SSSD
BuildRequires: augeas-devel
Requires: sssd-common = %{version}-%{release}
Provides the D-Bus responder of the SSSD, called the InfoPipe, that allows
the information from the SSSD to be transmitted over the system bus.
%package -n libsss_simpleifp
Summary: The SSSD D-Bus responder helper library
Requires: sssd-dbus = %{version}-%{release}
%description -n libsss_simpleifp
Provides library that simplifies D-Bus API for the SSSD InfoPipe responder.
%package -n libsss_simpleifp-devel
Summary: The SSSD D-Bus responder helper library
Requires: libsss_simpleifp = %{version}-%{release}
%description -n libsss_simpleifp-devel
Provides library that simplifies D-Bus API for the SSSD InfoPipe responder.
Summary: The SSSD libwbclient implementation
License: GPLv3+ and LGPLv3+
The SSSD libwbclient implementation.
%package libwbclient-devel
Summary: Development libraries for the SSSD libwbclient implementation
License: GPLv3+ and LGPLv3+
%description libwbclient-devel
Development libraries for the SSSD libwbclient implementation.
%setup -q -n %{name}-%{version}
--with-db-path=%{dbpath} \
--with-mcache-path=%{mcpath} \
--with-pipe-path=%{pipepath} \
--with-pubconf-path=%{pubconfpath} \
--with-gpo-cache-path=%{gpocachepath} \
--with-init-dir=%{_initrddir} \
--enable-nsslibdir=/%{_lib} \
--enable-pammoddir=/%{_lib}/security \
--enable-nfsidmaplibdir=%{_libdir}/libnfsidmap \
%{?with_cifs_utils_plugin_option} \
%{?with_python3_option} \
make %{?_smp_mflags} docs
export CK_TIMEOUT_MULTIPLIER=10
make %{?_smp_mflags} check VERBOSE=yes
unset CK_TIMEOUT_MULTIPLIER
%if (0%{?with_python3} == 1)
make install DESTDIR=$RPM_BUILD_ROOT
# Copy default logrotate file
# Make sure SSSD is able to run on read-only root
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/rwtab.d
# Remove .la files created by libtool
find $RPM_BUILD_ROOT -name "*.la" -exec rm -f {} \;
# Suppress developer-only documentation
rm -Rf ${RPM_BUILD_ROOT}/%{_docdir}/%{name}
# Older versions of rpmbuild can only handle one -f option
# So we need to append to the sssd*.lang file
for file in `ls $RPM_BUILD_ROOT/%{python2_sitelib}/*.egg-info 2> /dev/null`
%if (0%{?with_python3} == 1)
for file in `ls $RPM_BUILD_ROOT/%{python3_sitelib}/*.egg-info 2> /dev/null`
for provider in ldap krb5 ipa ad proxy
for man in `find $RPM_BUILD_ROOT/%{_mandir}/??/man?/ -type f | sed -e "s#$RPM_BUILD_ROOT/%{_mandir}/##"`
lang=`echo $man | cut -c 1-2`
echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd.lang
echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd.lang
%if (0%{?use_systemd} == 1)
%dir %{_libexecdir}/%{servicename}
%{_libexecdir}/%{servicename}/sssd_be
%{_libexecdir}/%{servicename}/sssd_nss
%{_libexecdir}/%{servicename}/sssd_pam
%{_libexecdir}/%{servicename}/sssd_autofs
%{_libexecdir}/%{servicename}/sssd_ssh
%{_libexecdir}/%{servicename}/sssd_sudo
#Internal shared libraries
# 3rd party application libraries
%{_bindir}/sss_ssh_authorizedkeys
%{_bindir}/sss_ssh_knownhostsproxy
%{_libexecdir}/%{servicename}/sss_signal
%attr(700,sssd,sssd) %dir %{dbpath}
%attr(755,sssd,sssd) %dir %{mcpath}
%ghost %attr(0644,sssd,sssd) %verify(not md5 size mtime) %{mcpath}/passwd
%ghost %attr(0644,sssd,sssd) %verify(not md5 size mtime) %{mcpath}/group
%attr(755,sssd,sssd) %dir %{pipepath}
%attr(755,sssd,sssd) %dir %{pubconfpath}
%attr(755,sssd,sssd) %dir %{gpocachepath}
%attr(700,sssd,sssd) %dir %{pipepath}/private
%attr(750,sssd,sssd) %dir %{_var}/log/%{name}
%attr(711,sssd,sssd) %dir %{_sysconfdir}/sssd
%ghost %attr(0600,sssd,sssd) %config(noreplace) %{_sysconfdir}/sssd/sssd.conf
%if (0%{?use_systemd} == 1)
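# ldap_child, krb5_child and selinux_child are installed setuid root (mode 4750):
# owned by root, executable only by root and members of the sssd group.
%attr(4750,root,sssd) %{_libexecdir}/%{servicename}/ldap_child
%attr(4750,root,sssd) %{_libexecdir}/%{servicename}/krb5_child
%{_libexecdir}/%{servicename}/sssd_pac
%attr(4750,root,sssd) %{_libexecdir}/%{servicename}/selinux_child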
%{_libexecdir}/%{servicename}/gpo_child
%{_libexecdir}/%{servicename}/proxy_child
%{_libexecdir}/%{servicename}/sssd_ifp
%files -n libsss_simpleifp
%files -n libsss_simpleifp-devel
%if (0%{?with_cifs_utils_plugin} == 1)
%if (0%{?with_krb5_localauth_plugin} == 1)
%{_sbindir}/sss_groupshow
%{_sbindir}/sss_obfuscate
%{_sbindir}/sss_debuglevel
%dir %{python2_sitelib}/SSSDConfig
%{python2_sitelib}/SSSDConfig/*.py*
%if (0%{?with_python3} == 1)
%dir %{python3_sitelib}/SSSDConfig
%{python3_sitelib}/SSSDConfig/*.py*
%{python3_sitelib}/SSSDConfig/__pycache__/*.py*
%if (0%{?with_python3} == 1)
%files -n python-sss-murmur
%if (0%{?with_python3} == 1)
%files -n python3-sss-murmur
%files -n libsss_idmap-devel
%files -n libipa_hbac-devel
%files -n libsss_nss_idmap
%files -n libsss_nss_idmap-devel
%files -n python-libsss_nss_idmap
%if (0%{?with_python3} == 1)
%files -n python3-libsss_nss_idmap
%files -n python-libipa_hbac
%if (0%{?with_python3} == 1)
%files -n python3-libipa_hbac
getent group sssd > /dev/null || groupadd -r sssd
%if (0%{?use_systemd} == 1)
# Package removal, not upgrade
# Package upgrade, not uninstall
%if (0%{?with_cifs_utils_plugin} == 1)
* Mon Mar 15 2010 Stephen Gallagher <sgallagh@redhat.com> - @PACKAGE_VERSION@-0@PRERELEASE_VERSION@
- Automated build of the SSSD