sss_obfuscate is used locally on servers to replace clear text passwords in sssd.conf. In our environment we have hundreds of servers and what I usually do is manually generate the password on a test server. I would like to automate ldap_default_authtok via a php interface or API. This is needed because we use one bind DN per server and I'd like to build a web portal where people can request new server bind DNs and randomly generated passwords. 

Is there a way?

Thank you,