SSSD scriptssssd

16 files changed, 957 insertions, 0 deletions

diff --git a/commands/sssd/Makefile b/commands/sssd/Makefile
new file mode 100644
index 0000000..ee4552b
--- /dev/null
+++ b/commands/sssd/Makefile
@@ -0,0 +1 @@
+include ../../Makefile.inc
diff --git a/commands/sssd/README.md b/commands/sssd/README.md
new file mode 100644
index 0000000..c10dad2
--- /dev/null
+++ b/commands/sssd/README.md
@@ -0,0 +1,4 @@
+SSSD service management through OpenLMI SSSD providers.
+
+This command allows to list a manipulate with domains
+and responders.
diff --git a/commands/sssd/doc/Makefile b/commands/sssd/doc/Makefile
new file mode 100644
index 0000000..daa6aff
--- /dev/null
+++ b/commands/sssd/doc/Makefile
@@ -0,0 +1 @@
+include ../../../Makefile.doc.inc
diff --git a/commands/sssd/doc/cmdline.generated b/commands/sssd/doc/cmdline.generated
new file mode 100644
index 0000000..e9b1a0b
--- /dev/null
+++ b/commands/sssd/doc/cmdline.generated
@@ -0,0 +1,74 @@
+..
+    !!!!!!!!!
+    This is generated file. Use 'make cmdregen' to regenerate it from installed 'lmi help <CMD_NAME>'
+    !!!!!!!!!
+
+sssd
+----
+
+SSSD system service management.
+
+
+**Usage:**
+
+    **lmi** **sssd** status
+
+    **lmi** **sssd** **restart** [\ **--try**\ ]
+
+    **lmi** **sssd** **set-debug-level** \ *<level>*\  [\ **--until-restart**\ ] [options]
+
+    **lmi** **sssd** service
+
+    **lmi** **sssd** domain
+
+
+
+
+
+**Commands:**
+
+
+    **status**
+        Prints SSSD service's status.
+
+    **restart**
+        Restarts the SSSD service.
+
+    **set-debug-level**
+        Set debug level of selected (all by default) components.
+
+    **service**
+        Manage supported services.
+
+    **domain**
+        Manage SSSD domains.
+
+**Restart options:**
+
+
+    **--try**
+        Whether to abandon the operation if the service
+        is not running.
+
+**Set-debug-level options:**
+
+
+    **--until-restart**
+        
+        Set the debug level but switch it to original
+        value when SSSD is restarted.
+
+    **--all**
+        Select all components (default)
+
+    **--monitor**
+        Select the SSSD monitor.
+
+    **--services=svc,...**
+        
+        Comma separated list of SSSD services.
+
+    **--domains=dom,...**
+        
+        Comma separated list of SSSD domains.
+
diff --git a/commands/sssd/doc/cmdline.rst b/commands/sssd/doc/cmdline.rst
new file mode 100644
index 0000000..ae9b086
--- /dev/null
+++ b/commands/sssd/doc/cmdline.rst
@@ -0,0 +1,6 @@
+LMI command line reference
+==========================
+
+These commands allow to manage SSSD service.
+
+.. include:: cmdline.generated
diff --git a/commands/sssd/doc/conf.py.skel b/commands/sssd/doc/conf.py.skel
new file mode 100644
index 0000000..346da2e
--- /dev/null
+++ b/commands/sssd/doc/conf.py.skel
@@ -0,0 +1,242 @@
+# -*- coding: utf-8 -*-
+#
+# OpenLMI SSSD Scripts documentation build configuration file, created by
+# sphinx-quickstart on Thu Aug  8 15:36:58 2013.
+#
+# This file is execfile()d with the current directory set to its containing dir.
+#
+# Note that not all possible configuration values are present in this
+# autogenerated file.
+#
+# All configuration values have a default; values that are commented out
+# serve to show the default.
+
+import sys, os
+
+# If extensions (or modules to document with autodoc) are in another directory,
+# add these directories to sys.path here. If the directory is relative to the
+# documentation root, use os.path.abspath to make it absolute, like shown here.
+sys.path.insert(0, os.path.abspath('../lmi'))
+
+# -- General configuration -----------------------------------------------------
+
+# If your documentation needs a minimal Sphinx version, state it here.
+#needs_sphinx = '1.0'
+
+# Add any Sphinx extension module names here, as strings. They can be extensions
+# coming with Sphinx (named 'sphinx.ext.*') or your custom ones.
+extensions = ['sphinx.ext.autodoc', 'sphinx.ext.todo']
+
+# Add any paths that contain templates here, relative to this directory.
+templates_path = ['_templates']
+
+# The suffix of source filenames.
+source_suffix = '.rst'
+
+# The encoding of source files.
+#source_encoding = 'utf-8-sig'
+
+# The master toctree document.
+master_doc = 'index'
+
+# General information about the project.
+project = u'OpenLMI SSSD Scripts'
+copyright = u'2013-2014, Red Hat, Inc.'
+
+# The version info for the project you're documenting, acts as replacement for
+# |version| and |release|, also used in various other places throughout the
+# built documents.
+#
+# The short X.Y version.
+version = "@@VERSION@@"
+# The full version, including alpha/beta/rc tags.
+release = "@@VERSION@@"
+
+# The language for content autogenerated by Sphinx. Refer to documentation
+# for a list of supported languages.
+#language = None
+
+# There are two options for replacing |today|: either, you set today to some
+# non-false value, then it is used:
+#today = ''
+# Else, today_fmt is used as the format for a strftime call.
+#today_fmt = '%B %d, %Y'
+
+# List of patterns, relative to source directory, that match files and
+# directories to ignore when looking for source files.
+exclude_patterns = ['_build']
+
+# The reST default role (used for this markup: `text`) to use for all documents.
+#default_role = None
+
+# If true, '()' will be appended to :func: etc. cross-reference text.
+#add_function_parentheses = True
+
+# If true, the current module name will be prepended to all description
+# unit titles (such as .. function::).
+#add_module_names = True
+
+# If true, sectionauthor and moduleauthor directives will be shown in the
+# output. They are ignored by default.
+#show_authors = False
+
+# The name of the Pygments (syntax highlighting) style to use.
+pygments_style = 'sphinx'
+
+# A list of ignored prefixes for module index sorting.
+#modindex_common_prefix = []
+
+
+# -- Options for HTML output ---------------------------------------------------
+
+# The theme to use for HTML and HTML Help pages.  See the documentation for
+# a list of builtin themes.
+html_theme = "openlmitheme"
+
+# Theme options are theme-specific and customize the look and feel of a theme
+# further.  For a list of options available for each theme, see the
+# documentation.
+#html_theme_options = {}
+
+# Add any paths that contain custom themes here, relative to this directory.
+#html_theme_path = []
+
+# The name for this set of Sphinx documents.  If None, it defaults to
+# "<project> v<release> documentation".
+#html_title = None
+
+# A shorter title for the navigation bar.  Default is the same as html_title.
+#html_short_title = None
+
+# The name of an image file (relative to this directory) to place at the top
+# of the sidebar.
+#html_logo = None
+
+# The name of an image file (within the static path) to use as favicon of the
+# docs.  This file should be a Windows icon file (.ico) being 16x16 or 32x32
+# pixels large.
+#html_favicon = None
+
+# Add any paths that contain custom static files (such as style sheets) here,
+# relative to this directory. They are copied after the builtin static files,
+# so a file named "default.css" will overwrite the builtin "default.css".
+html_static_path = ['_static']
+
+# If not '', a 'Last updated on:' timestamp is inserted at every page bottom,
+# using the given strftime format.
+#html_last_updated_fmt = '%b %d, %Y'
+
+# If true, SmartyPants will be used to convert quotes and dashes to
+# typographically correct entities.
+html_use_smartypants = False
+
+# Custom sidebar templates, maps document names to template names.
+#html_sidebars = {}
+
+# Additional templates that should be rendered to pages, maps page names to
+# template names.
+#html_additional_pages = {}
+
+# If false, no module index is generated.
+#html_domain_indices = True
+
+# If false, no index is generated.
+#html_use_index = True
+
+# If true, the index is split into individual pages for each letter.
+#html_split_index = False
+
+# If true, links to the reST sources are added to the pages.
+#html_show_sourcelink = True
+
+# If true, "Created using Sphinx" is shown in the HTML footer. Default is True.
+#html_show_sphinx = True
+
+# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True.
+#html_show_copyright = True
+
+# If true, an OpenSearch description file will be output, and all pages will
+# contain a <link> tag referring to it.  The value of this option must be the
+# base URL from which the finished HTML is served.
+#html_use_opensearch = ''
+
+# This is the file name suffix for HTML files (e.g. ".xhtml").
+#html_file_suffix = None
+
+# Output file base name for HTML help builder.
+htmlhelp_basename = 'OpenLMISSSDScriptsdoc'
+
+
+# -- Options for LaTeX output --------------------------------------------------
+
+latex_elements = {
+# The paper size ('letterpaper' or 'a4paper').
+#'papersize': 'letterpaper',
+
+# The font size ('10pt', '11pt' or '12pt').
+#'pointsize': '10pt',
+
+# Additional stuff for the LaTeX preamble.
+#'preamble': '',
+}
+
+# Grouping the document tree into LaTeX files. List of tuples
+# (source start file, target name, title, author, documentclass [howto/manual]).
+latex_documents = [
+  ('index', 'OpenLMISSSDScripts.tex', u'OpenLMI SSSD Scripts Documentation',
+   u'Red Hat, Inc.', 'manual'),
+]
+
+# The name of an image file (relative to this directory) to place at the top of
+# the title page.
+#latex_logo = None
+
+# For "manual" documents, if this is true, then toplevel headings are parts,
+# not chapters.
+#latex_use_parts = False
+
+# If true, show page references after internal links.
+#latex_show_pagerefs = False
+
+# If true, show URL addresses after external links.
+#latex_show_urls = False
+
+# Documents to append as an appendix to all manuals.
+#latex_appendices = []
+
+# If false, no module index is generated.
+#latex_domain_indices = True
+
+
+# -- Options for manual page output --------------------------------------------
+
+# One entry per manual page. List of tuples
+# (source start file, name, description, authors, manual section).
+man_pages = [
+    ('index', 'openlmisssdscripts', u'OpenLMI SSSD Scripts Documentation',
+     [u'Red Hat, Inc.'], 1)
+]
+
+# If true, show URL addresses after external links.
+#man_show_urls = False
+
+
+# -- Options for Texinfo output ------------------------------------------------
+
+# Grouping the document tree into Texinfo files. List of tuples
+# (source start file, target name, title, author,
+#  dir menu entry, description, category)
+texinfo_documents = [
+  ('index', 'OpenLMISSSDScripts', u'OpenLMI SSSD Scripts Documentation',
+   u'Red Hat, Inc.', 'OpenLMISSSDScripts', 'One line description of project.',
+   'Miscellaneous'),
+]
+
+# Documents to append as an appendix to all manuals.
+#texinfo_appendices = []
+
+# If false, no module index is generated.
+#texinfo_domain_indices = True
+
+# How to display URL addresses: 'footnote', 'no', or 'inline'.
+#texinfo_show_urls = 'footnote'
diff --git a/commands/sssd/doc/index.rst b/commands/sssd/doc/index.rst
new file mode 100644
index 0000000..0ec678b
--- /dev/null
+++ b/commands/sssd/doc/index.rst
@@ -0,0 +1,21 @@
+.. OpenLMI SSSD Scripts documentation
+
+OpenLMI SSSD Scripts documentation
+=====================================
+
+Contents:
+
+.. toctree::
+   :maxdepth: 2
+
+   cmdline
+   python
+
+
+Indices and tables
+==================
+
+* :ref:`genindex`
+* :ref:`modindex`
+* :ref:`search`
+
diff --git a/commands/sssd/doc/python.rst b/commands/sssd/doc/python.rst
new file mode 100644
index 0000000..5022992
--- /dev/null
+++ b/commands/sssd/doc/python.rst
@@ -0,0 +1,9 @@
+Python reference for OpenLMI client scripts
+===========================================
+
+Service Module API
+-------------------
+.. automodule:: lmi.scripts.sssd
+    :members:
+
+    
diff --git a/commands/sssd/lmi/__init__.py b/commands/sssd/lmi/__init__.py
new file mode 100644
index 0000000..ca65877
--- /dev/null
+++ b/commands/sssd/lmi/__init__.py
@@ -0,0 +1,30 @@
+# Copyright (C) 2013-2014 Red Hat, Inc. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice,
+#    this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright notice,
+#    this list of conditions and the following disclaimer in the documentation
+#    and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+#
+# The views and conclusions contained in the software and documentation are
+# those of the authors and should not be interpreted as representing official
+# policies, either expressed or implied, of the FreeBSD Project.
+#
+# Authors: Michal Minar <miminar@redhat.com>
+#
+__import__('pkg_resources').declare_namespace(__name__)
diff --git a/commands/sssd/lmi/scripts/__init__.py b/commands/sssd/lmi/scripts/__init__.py
new file mode 100644
index 0000000..de40ea7
--- /dev/null
+++ b/commands/sssd/lmi/scripts/__init__.py
@@ -0,0 +1 @@
+__import__('pkg_resources').declare_namespace(__name__)
diff --git a/commands/sssd/lmi/scripts/sssd/__init__.py b/commands/sssd/lmi/scripts/sssd/__init__.py
new file mode 100644
index 0000000..07ecd5b
--- /dev/null
+++ b/commands/sssd/lmi/scripts/sssd/__init__.py
@@ -0,0 +1,192 @@
+# SSSD Providers
+#
+# Copyright (C) 2013-2014 Red Hat, Inc.  All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice, this
+#    list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright notice,
+#    this list of conditions and the following disclaimer in the documentation
+#    and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+# ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+# The views and conclusions contained in the software and documentation are those
+# of the authors and should not be interpreted as representing official policies,
+# either expressed or implied, of the FreeBSD Project.
+#
+#
+# Authors: Pavel Brezina <pbrezina@redhat.com>
+#
+"""
+LMI SSSD provider client library.
+
+This set of functions can list and manage SSSD's responders and domains.
+"""
+
+from lmi.scripts.common.errors import LmiFailed
+from lmi.shell.LMIInstanceName import LMIInstanceName
+from lmi.scripts.common import get_computer_system
+from lmi.scripts.common import get_logger
+import pywbem
+import lmi.scripts.common
+
+LOG = get_logger(__name__)
+
+def debug_level(level):
+    """
+    Return hexadecimal representation of debug level.
+    
+    :type level: int
+    :param level: Debug level.
+    :rtype: string
+    """
+    return "%#.4x" % level
+
+#
+# SSSD
+#
+
+def set_debug_level(ns, level, until_restart, components):
+    rval = 0
+    for component in ns.LMI_SSSDComponent.instances():
+        found = False
+        if components is not None and len(components) > 0:
+            for name in components:
+                if component.Name == name:
+                    found = True
+                    continue
+        if not found:
+            continue
+        if until_restart:
+            (rval, _, msg) = component.SetDebugLevelTemporarily({'debug_level' : int(level, 16)})
+        else:
+            (rval, _, msg) = component.SetDebugLevelPermanently({'debug_level' : int(level, 16)})
+        if rval == 0:
+            LOG().info('Debug level of "%s" changed to "%#.4x".',
+                       component.Name, level)
+        elif msg:
+            LOG().error('Operation failed on "%s": %s.',
+                        component.Name, errorstr)
+    return rval
+
+#
+# Services
+#
+
+def list_services(ns, kind='all'):
+    for svc in ns.LMI_SSSDResponder.instances():
+        if kind == 'disabled' and svc.IsEnabled == True:
+            continue
+        if kind == 'enabled' and svc.IsEnabled == False:
+            continue
+        yield svc
+        
+def get_service(ns, service):
+    keys = {'Name': service}
+    try:
+        inst = ns.LMI_SSSDResponder.new_instance_name(keys).to_instance()
+    except pywbem.CIMError, err:
+        if err[0] == pywbem.CIM_ERR_NOT_FOUND:
+            raise LmiFailed("Cannot find the service: %s" % service)
+        raise
+    return inst
+
+def enable_service(ns, service):
+    instance = get_service(ns, service)
+    (rval, _, msg) = instance.Enable()
+    if rval == 0:
+        LOG().info('Service "%s" enabled', service)
+    elif msg:
+        LOG().error('Operation failed on "%s": %s.', service, errorstr)
+    return rval
+
+def disable_service(ns, service):
+    instance = get_service(ns, service)
+    (rval, _, msg) = instance.Disable()
+    if rval == 0:
+        LOG().info('Service "%s" disabled', service)
+    elif msg:
+        LOG().error('Operation failed on "%s": %s.', service, errorstr)
+    return rval
+
+#
+# Domains
+#
+
+def list_backends(ns, kind='all'):
+    for backend in ns.LMI_SSSDBackend.instances():
+        if kind == 'disabled' and backend.IsEnabled == True:
+            continue
+        if kind == 'enabled' and backend.IsEnabled == False:
+            continue
+        yield backend
+        
+def get_provider(ns, type, backend):
+    for provider in backend.associators(AssocClass="LMI_SSSDBackendProvider"):
+        if provider.Type == type:
+            return provider.Module
+    return 'ldap'
+
+def get_domain(ns, domain):
+    keys = {'Name': domain}
+    try:
+        inst = ns.LMI_SSSDDomain.new_instance_name(keys).to_instance()
+    except pywbem.CIMError, err:
+        if err[0] == pywbem.CIM_ERR_NOT_FOUND:
+            raise LmiFailed("Cannot find the domain: %s" % service)
+        raise
+    return inst
+
+def get_backend(ns, domain):
+    keys = {'Name': domain}
+    try:
+        inst = ns.LMI_SSSDBackend.new_instance_name(keys).to_instance()
+    except pywbem.CIMError, err:
+        if err[0] == pywbem.CIM_ERR_NOT_FOUND:
+            raise LmiFailed("Cannot find the backend: %s" % service)
+        raise
+    return inst
+
+def enable_backend(ns, domain):
+    instance = get_backend(ns, domain)
+    (rval, _, msg) = instance.Enable()
+    if rval == 0:
+        LOG().info('Domain "%s" enabled', domain)
+    elif msg:
+        LOG().error('Operation failed on "%s": %s.', domain, errorstr)
+    return rval
+
+def disable_backend(ns, domain):
+    instance = get_backend(ns, domain)
+    (rval, _, msg) = instance.Disable()
+    if rval == 0:
+        LOG().info('Domain "%s" disabled', domain)
+    elif msg:
+        LOG().error('Operation failed on "%s": %s.', domain, errorstr)
+    return rval
+
+#
+# Subdomains
+#
+
+def list_subdomains_names(ns, domain):
+    subdomains = domain.associators(AssocClass="LMI_SSSDDomainSubdomain",
+                                    ResultRole="Subdomain")
+    
+    for subdomain in subdomains:
+        yield subdomain.Name
+        
+def list_subdomains_comma_separated(ns, domain):
+    return ', '.join(list_subdomains_names(ns, domain))
diff --git a/commands/sssd/lmi/scripts/sssd/domains_cmd.py b/commands/sssd/lmi/scripts/sssd/domains_cmd.py
new file mode 100644
index 0000000..5d5a84b
--- /dev/null
+++ b/commands/sssd/lmi/scripts/sssd/domains_cmd.py
@@ -0,0 +1,114 @@
+# SSSD Providers
+#
+# Copyright (C) 2013-2014 Red Hat, Inc.  All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice, this
+#    list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright notice,
+#    this list of conditions and the following disclaimer in the documentation
+#    and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+# ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+# The views and conclusions contained in the software and documentation are those
+# of the authors and should not be interpreted as representing official policies,
+# either expressed or implied, of the FreeBSD Project.
+#
+# Authors: Pavel Brezina <pbrezina@redhat.com>
+#
+"""
+SSSD service management.
+
+Usage:
+    %(cmd)s list [(--enabled | --disabled)]
+    %(cmd)s show <domain>
+    %(cmd)s enable <domain>
+    %(cmd)s disable <domain>
+
+
+Commands:
+    list        Prints all domains managed by SSSD.
+    show        Prints information about provided domain.
+    enable      Enable domain in SSSD.
+    disable     Disable domain in SSSD.
+    
+List options:
+    --enabled   List only enabled domains.
+    --disabled  List only disabled domains.
+"""
+
+from lmi.scripts.common import command
+from lmi.scripts import sssd
+
+class List(command.LmiLister):
+    COLUMNS = ('Name', 'Enabled', 'Debug Level', 'ID Provider')
+
+    def execute(self, ns,  _enabled, _disabled):
+        kind = 'all'
+        if _enabled:
+            kind = 'enabled'
+        elif _disabled:
+            kind = 'disabled'
+
+        for s in sorted(sssd.list_backends(ns, kind), key=lambda i: i.Name):
+            yield (s.Name, s.IsEnabled, sssd.debug_level(s.DebugLevel),
+                   sssd.get_provider(ns, 'id_provider', s))
+            
+class Show(command.LmiShowInstance):
+    DYNAMIC_PROPERTIES = True
+    
+    def execute(self, ns, domain):
+        for backend in ns.LMI_SSSDBackend.instances():
+            if backend.Name == domain and not backend.IsEnabled:
+                columns = (
+                    'Name',
+                    ('Enabled', 'IsEnabled'))
+                return columns, backend
+
+        columns = (
+            'Name',
+            ('Enabled', lambda i: True),
+            ('ID Provider', 'Provider'),
+            ('Primary servers', lambda i: ', '.join(i.PrimaryServers)),
+            ('Backup servers', lambda i: ', '.join(i.BackupServers)),
+            ('Subdomains', lambda i: sssd. \
+                                list_subdomains_comma_separated(ns, i)),
+            ('Parent domain', 'ParentDomain'),
+            'Realm',
+            'Forest',
+            ('Enumerable', 'Enumerate'),
+            ('Minimum ID value', 'MinId'),
+            ('Maximum ID value', 'MaxId'),
+            ('Use fully qualified names', 'UseFullyQualifiedNames'),
+            ('Fully qualified name format', 'FullyQualifiedNameFormat'),
+            ('Login expression', 'LoginFormat'))
+        return columns, sssd.get_domain(ns, domain)
+    
+class Enable(command.LmiCheckResult):
+    CALLABLE = sssd.enable_backend
+    EXPECT = 0
+    
+class Disable(command.LmiCheckResult):
+    CALLABLE = sssd.disable_backend
+    EXPECT = 0
+    
+class DomainCommands(command.LmiCommandMultiplexer):
+    COMMANDS = {
+            'list'    : List,
+            'show'    : Show,
+            'enable'  : Enable,
+            'disable' : Disable
+    }
+    OWN_USAGE = __doc__
diff --git a/commands/sssd/lmi/scripts/sssd/services_cmd.py b/commands/sssd/lmi/scripts/sssd/services_cmd.py
new file mode 100644
index 0000000..e166527
--- /dev/null
+++ b/commands/sssd/lmi/scripts/sssd/services_cmd.py
@@ -0,0 +1,94 @@
+# SSSD Providers
+#
+# Copyright (C) 2013-2014 Red Hat, Inc.  All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice, this
+#    list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright notice,
+#    this list of conditions and the following disclaimer in the documentation
+#    and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+# ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+# The views and conclusions contained in the software and documentation are those
+# of the authors and should not be interpreted as representing official policies,
+# either expressed or implied, of the FreeBSD Project.
+#
+# Authors: Pavel Brezina <pbrezina@redhat.com>
+#
+"""
+SSSD service management.
+
+Usage:
+    %(cmd)s list [(--enabled | --disabled)]
+    %(cmd)s show <service>
+    %(cmd)s enable <service>
+    %(cmd)s disable <service>
+
+
+Commands:
+    list        Prints all services supported by SSSD.
+    show        Prints information about provided service.
+    enable      Enable service in SSSD.
+    disable     Disable service in SSSD.
+    
+List options:
+    --enabled   List only enabled services.
+    --disabled  List only disabled services.
+"""
+
+from lmi.scripts.common import command
+from lmi.scripts import sssd
+
+class List(command.LmiLister):
+    COLUMNS = ('Name', "Enabled", "Debug Level")
+
+    def execute(self, ns,  _enabled, _disabled):
+        kind = 'all'
+        if _enabled:
+            kind = 'enabled'
+        elif _disabled:
+            kind = 'disabled'
+
+        for s in sorted(sssd.list_services(ns, kind), key=lambda i: i.Name):
+            yield (s.Name, s.IsEnabled, sssd.debug_level(s.DebugLevel))
+            
+class Show(command.LmiShowInstance):
+    DYNAMIC_PROPERTIES = True
+    
+    def execute(self, ns, service):
+        columns = (
+            'Name',
+            ('Enabled', 'IsEnabled'),
+            ('Debug Level', lambda i: sssd.debug_level(i.DebugLevel)))
+
+        return columns, sssd.get_service(ns, service)
+    
+class Enable(command.LmiCheckResult):
+    CALLABLE = sssd.enable_service
+    EXPECT = 0
+    
+class Disable(command.LmiCheckResult):
+    CALLABLE = sssd.disable_service
+    EXPECT = 0
+
+class ServiceCommands(command.LmiCommandMultiplexer):
+    COMMANDS = {
+            'list'    : List,
+            'show'    : Show,
+            'enable'  : Enable,
+            'disable' : Disable
+    }
+    OWN_USAGE = __doc__
diff --git a/commands/sssd/lmi/scripts/sssd/sssd_cmd.py b/commands/sssd/lmi/scripts/sssd/sssd_cmd.py
new file mode 100644
index 0000000..b3e6a6a
--- /dev/null
+++ b/commands/sssd/lmi/scripts/sssd/sssd_cmd.py
@@ -0,0 +1,123 @@
+# SSSD Providers
+#
+# Copyright (C) 2013-2014 Red Hat, Inc.  All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice, this
+#    list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright notice,
+#    this list of conditions and the following disclaimer in the documentation
+#    and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+# ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+# The views and conclusions contained in the software and documentation are those
+# of the authors and should not be interpreted as representing official policies,
+# either expressed or implied, of the FreeBSD Project.
+#
+# Authors: Pavel Brezina <pbrezina@redhat.com>
+#
+"""
+SSSD system service management.
+
+Usage:
+    %(cmd)s status
+    %(cmd)s restart [--try]
+    %(cmd)s set-debug-level <level> [--until-restart] [options]
+    %(cmd)s domain (--help | <cmd> [<args> ...])
+    %(cmd)s service (--help | <cmd> [<args> ...])
+
+
+Commands:
+    status           Prints SSSD service's status.
+    restart          Restarts the SSSD service.
+    set-debug-level  Set debug level of selected (all by default) components.
+    service          Manage supported services.
+    domain           Manage SSSD domains.
+    
+Restart options:
+    --try         Whether to abandon the operation if the service
+                  is not running.
+                  
+Set-debug-level options:
+    --until-restart
+                  Set the debug level but switch it to original
+                  value when SSSD is restarted.
+    --all         Select all components (default)
+    --monitor     Select the SSSD monitor.
+    --services=svc,...
+                  Comma separated list of SSSD services.
+    --domains=dom,...
+                  Comma separated list of SSSD domains.
+"""
+
+from lmi.scripts.common import command
+from lmi.scripts import service as srv
+from lmi.scripts import sssd
+from lmi.scripts.sssd.services_cmd import ServiceCommands
+from lmi.scripts.sssd.domains_cmd import DomainCommands
+
+class Status(command.LmiShowInstance):
+
+    DYNAMIC_PROPERTIES = True
+
+    def execute(self, ns):
+        columns = (
+                ('Name', lambda i: srv.RE_SUFFIX.sub('', i.Name)),
+                'Caption',
+                ('Enabled', lambda i: srv.get_enabled_string(ns, i)),
+                ('Status', lambda i: srv.get_status_string(ns, i)))
+
+        return columns, srv.get_service(ns, 'sssd')
+
+class Restart(command.LmiCheckResult):
+    CALLABLE = srv.restart_service
+    EXPECT = 0
+
+    def transform_options(self, options):
+        """
+        ``try`` is a keyword argument in python, let's rename it to
+        ``just-try`` which will be transformed into ``just_try``.
+        """
+        options['just-try'] = options.pop('--try')
+        options['service'] = 'sssd'
+        
+class SetDebugLevel(command.LmiCheckResult):
+    OPT_NO_UNDERSCORES = True
+    EXPECT = 0
+    
+    def execute(self, ns, level,
+                until_restart=False,
+                all=True,
+                monitor=False,
+                services=None,
+                domains=None):
+        components = []
+        if services is not None:
+            components.extend(services.split(','))
+        if domains is not None:
+            components.extend(domains.split(','))
+        if monitor:
+            components.append('monitor')
+        return sssd.set_debug_level(ns, level, until_restart, components)
+    
+SSSD = command.register_subcommands(
+        'SSSD', __doc__,
+        { 'status'              : Status
+        , 'restart'             : Restart
+        , 'set-debug-level'     : SetDebugLevel
+        , 'service'             : ServiceCommands
+        , 'domain'              : DomainCommands
+        },
+    )
diff --git a/commands/sssd/setup.cfg b/commands/sssd/setup.cfg
new file mode 100644
index 0000000..2ddce25
--- /dev/null
+++ b/commands/sssd/setup.cfg
@@ -0,0 +1,2 @@
+[upload_docs]
+upload-dir = doc/_build/html
diff --git a/commands/sssd/setup.py.skel b/commands/sssd/setup.py.skel
new file mode 100644
index 0000000..7299b4b
--- /dev/null
+++ b/commands/sssd/setup.py.skel
@@ -0,0 +1,43 @@
+#!/usr/bin/env python
+
+from setuptools import setup, find_packages
+
+try:
+    long_description = open('README.md', 'rt').read()
+except IOError:
+    long_description = ''
+
+setup(
+    name='openlmi-scripts-sssd',
+    version='@@VERSION@@',
+    description='LMI command for SSSD management.',
+    long_description=long_description,
+    author='Pavel Brezina',
+    author_email='pbrezina@redhat.com',
+    url='https://github.com/openlmi/openlmi-scripts',
+    download_url='https://github.com/openlmi/openlmi-scripts/tarball/master',
+    platforms=['Any'],
+    license="BSD",
+    classifiers=[
+        'License :: OSI Approved :: BSD License',
+        'Operating System :: POSIX :: Linux',
+        'Topic :: System :: Systems Administration',
+        'Programming Language :: Python',
+        'Programming Language :: Python :: 2',
+        'Programming Language :: Python :: 2.7',
+        'Intended Audience :: Developers',
+        'Environment :: Console',
+    ],
+
+    install_requires=['openlmi-tools >= 0.9.1'],
+
+    namespace_packages=['lmi', 'lmi.scripts'],
+    packages=['lmi', 'lmi.scripts', 'lmi.scripts.sssd'],
+    include_package_data=True,
+
+    entry_points={
+        'lmi.scripts.cmd': [
+            'sssd = lmi.scripts.sssd.sssd_cmd:SSSD',
+            ],
+        },
+    )