On Wed, Mar 04, 2020 at 02:12:30PM -0000, Hristina Marosevic wrote:
> On Wed, Mar 04, 2020 at 07:29:14AM -0000, Hristina Marosevic wrote:
>
> Hi,
>
> with 'ldap_user_ssh_public_key = userCertificate' this should work, i.e.
> calling 'sss_ssh_authorizedkeys testUser7' should return the ssh key
> from above. If there is no output I need the SSSD ssh and domain logs to
> understand why this fails.
Yes, this is working, but this is only an exported private key and no certificate is
either stored in the LDAP's entry or used by SSSD.
> Are the line breaks added by you or is this the real output? For
> certificates you have to use 'userCertificate;binary' and store the
> certificates as binaries in LDAP. When you use the ldapsearch command
> the output should be:
>
> userCertificate;binary:: MIIGMTCC....
>
> Please note the '::' which indicates that the attribute value is a
> binary and that it is encoded in base64 to be able to print the output.
>
The lines don't exist in the LDAP entry.
Is the .cer x509 compatible format for storing into LDAP's attribute
userCertificate;binary? As I know, so far this is Base64 encoded format (pls correct me
if I am wrong)
And should I manually add "::" or the LDAP should do that after modifying the
entry by adding the binary format of the user certificate? (when user certificate is added
without "::" ldapsearch retrieves the user certificate only with
"userCertificate;binary: MIIGMTCC....")
Hi,
how do you add the certificate to the LDAP entry?
bye,
Sumit
BR,
Hristina
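
Added example (not part of the original thread and not SSSD code): a sketch of the LDIF point discussed above, converting a PEM or DER certificate file to DER, writing it as a 'userCertificate;binary::' value, and classifying an ldapsearch output line as raw DER or as base64 text stored in the attribute. The sample bytes, the DN suffix and all function names are assumptions made for illustration.

```python
import base64

PEM_BEGIN, PEM_END = b"-----BEGIN CERTIFICATE-----", b"-----END CERTIFICATE-----"
# Constructed placeholder, not a real certificate: only the leading 0x30
# (ASN.1 SEQUENCE tag, which every DER certificate starts with) matters here.
SAMPLE_DER = b"\x30\x60" + bytes(range(96))
SAMPLE_PEM = PEM_BEGIN + b"\n" + base64.encodebytes(SAMPLE_DER) + PEM_END + b"\n"

def to_der(data: bytes) -> bytes:
    """Return DER bytes from a certificate file that is either PEM or DER."""
    text = data.lstrip()
    if text.startswith(PEM_BEGIN):
        body = text[len(PEM_BEGIN):text.index(PEM_END)]
        data = base64.b64decode(b"".join(body.split()))
    if data[:1] != b"\x30":
        raise ValueError("not a PEM or DER encoded certificate")
    return data

def fold(line: str, width: int = 76) -> str:
    """Fold a long LDIF line; continuation lines start with one space."""
    chunks = [line[:width]]
    chunks += [line[i:i + width - 1] for i in range(width, len(line), width - 1)]
    return "\n ".join(chunks)

def unfold(ldif: str) -> str:
    """Undo LDIF folding (newline followed by a single space)."""
    return ldif.replace("\n ", "")

def ldif_modify(dn: str, der: bytes) -> str:
    """LDIF change record; '::' marks the value as base64 of the raw bytes."""
    value = "userCertificate;binary:: " + base64.b64encode(der).decode()
    return f"dn: {dn}\nchangetype: modify\nadd: userCertificate;binary\n{fold(value)}\n-\n"

def stored_form(line: str) -> str:
    """Classify one unfolded 'attr: value' / 'attr:: value' ldapsearch line."""
    _, _, value = line.partition(":")
    if value.startswith(":"):   # '::' -> printed value is base64 of stored bytes
        stored = base64.b64decode(value[1:].strip())
    else:                       # ':'  -> printed value is the stored text itself
        stored = value.strip().encode()
    if stored[:1] == b"\x30":
        return "der"
    try:                        # are the stored bytes themselves base64 text?
        inner = base64.b64decode(stored, validate=True)
    except ValueError:
        return "unknown"
    return "base64-text" if inner[:1] == b"\x30" else "unknown"

if __name__ == "__main__":
    print(ldif_modify("uid=testUser7,ou=people,dc=example,dc=com", to_der(SAMPLE_PEM)))
```

A result of "base64-text" from stored_form means the attribute holds the base64 string rather than the binary certificate.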