Red Hat SummitCe contenu n'est pas disponible dans la langue sélectionnée.
Chapter 9. Querying domain information using SSSD
You can use sssctl to retrieve and analyze domain-related data from the System Security Services Daemon (SSSD). SSSD can list domains in Identity Management (IdM) as well as the domains in Active Directory that is connected to IdM by a cross-forest trust.
You can list available domains, check their status, and troubleshoot identity and authentication issues.
9.1. Listing domains using sssctl
You can use the sssctl domain-list command to debug problems with the domain topology.
The status might not be available immediately. If the domain is not visible, repeat the command.
Prerequisites
- You must be logged in with administrator privileges.
Procedure
Optional: To display help for the
sssctlcommand, enter:sssctl --help
[user@client1 ~]$ sssctl --help ....Copy to Clipboard Copied! Toggle word wrap Toggle overflow - To display a list of available domains, enter:
sssctl domain-list
[root@client1 ~]# sssctl domain-list
implicit_files
idm.example.com
ad.example.com
sub1.ad.example.comThe list includes domains in the cross-forest trust between Active Directory and Identity Management.
9.2. Verifying the domain status using sssctl
You can use the sssctl domain-status command to debug problems with the domain topology.
The status might not be available immediately. If the domain is not visible, repeat the command.
Prerequisites
- You must be logged in with administrator privileges.
Procedure
Optional: To display help for the
sssctlcommand, enter:sssctl --help
[user@client1 ~]$ sssctl --helpCopy to Clipboard Copied! Toggle word wrap Toggle overflow To display user data for a particular domain, replace
<domain_name>with the actual domain name and enter:sssctl domain-status <domain_name>
[root@client1 ~]# sssctl domain-status <domain_name>Copy to Clipboard Copied! Toggle word wrap Toggle overflow Example output for the domain idm.example.com
Copy to Clipboard Copied! Toggle word wrap Toggle overflow The domain
idm.example.comis online and visible from the client where you applied the command.
If the domain is not available, the result is:
sssctl domain-status <domain_name>
[root@client1 ~]# sssctl domain-status <domain_name>
Unable to get online status
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}