Python SSSD LDAP Auth

A Python package which supports deobfuscating LDAP passwords contained in (System Security Services Daemon) sssd.conf files.

Inspiration

• Michael Ludvig's sss_deobfuscate script.
• SSSD's /src/util/crypto/libcrypto/crypto_obfuscate.c source file.

Features

• Type Hints / Editor Completion
• Readable
• Fully Tested
• Python 3.6 - 3.10 Support

Install

$ pip install sssdldapauth

Usage

CLI

$ sssdldapauth deobfuscate <obfuscated_password>
<password>

Library

from sssdldapauth import deobfuscate

password = deobfuscate("<obfuscated_password>")

Development

Required Software

Refer to the links provided below to install these development dependencies:

• direnv
• git
• pyenv

Getting Started

Setup

$ <runtimes.txt xargs -n 1 pyenv install -s
$ direnv allow
$ pip install -r requirements/dev.txt
$ pre-commit install
$ pip install -e .

Tests

Run the test suite against the active python environment.

$ pytest

Run the test suite against the active python environment and watch the codebase for any changes.

$ ptw

Run the test suite against all supported python versions.

$ tox

Publishing

Create

1. Update the version number in sssdldapauth/__init__.py.

2. Add an entry in HISTORY.md.

3. Commit the changes, tag the commit, and push the tags:

   $ git commit -am "v<major>.<minor>.<patch>"
   $ git tag v<major>.<minor>.<patch>
   $ git push origin main --tags

4. Convert the tag to a release in GitHub with the history entry as the description.

Build

$ python -m build

Upload

$ twine upload dist/*