On Wed, Mar 04, 2020 at 02:12:30PM -0000, Hristina Marosevic wrote:
> On Wed, Mar 04, 2020 at 07:29:14AM -0000, Hristina Marosevic
> with 'ldap_user_ssh_public_key = userCertificate' this should work, i.e.
> calling 'sss_ssh_authorizedkeys testUser7' should return the ssh key
> from above. If there is no output I need the SSSD ssh and domain logs to
> understand why this fails.
Yes, this is working, but this is only an exported private key and no certificate is
either stored in the LDAP's entry or used by SSSD.
> Are the line breaks added by you or is this the real output? For
> certificates you have to use 'userCertificate;binary' and store the
> certificates as binaries in LDAP. When you use the ldapsearch command
> the output should be:
> userCertificate;binary:: MIIGMTCC....
> Please note the '::' which indicates that the attribute value is a
> binary and that it is encoded in base64 to be able to print the output.
The lines don't exist in the LDAP entry.
Is the .cer x509 compatible format for storing into LDAP's attribute
userCertificate;binary? As I know, so far this is Base64 encoded format (pls correct me
if I am wrong)
And should I manually add "::" or the LDAP should do that after modifying the
entry by adding the binary format of the user certificate? (when user certificate is added
without "::" ldapsearch retrieves the user certificate only with
How do you add the certificate to the LDAP entry?
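
The `::` convention discussed in this thread, as an added example that is not part of the original messages: a Python sketch that turns a PEM-armored certificate into raw DER, renders it as a folded LDIF `userCertificate;binary::` line, and parses such a line back. The sample bytes are constructed filler rather than a real certificate, and all function names are hypothetical.

```python
import base64

# Constructed sample: a DER SEQUENCE header plus 256 filler bytes, not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
_B64 = base64.b64encode(SAMPLE_DER).decode()
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + "\n".join(_B64[i:i + 64] for i in range(0, len(_B64), 64))
              + "\n-----END CERTIFICATE-----\n")


def pem_to_der(pem: str) -> bytes:
    """Strip the PEM armor and decode the base64 body to raw DER bytes."""
    body = [s for s in (l.strip() for l in pem.splitlines())
            if s and not s.startswith("-----")]
    der = base64.b64decode("".join(body), validate=True)
    if not der.startswith(b"\x30"):  # an X.509 certificate is a DER SEQUENCE
        raise ValueError("decoded data is not a DER SEQUENCE")
    return der


def ldif_attr(name: str, value: bytes, width: int = 76) -> str:
    """Render one LDIF attribute; '::' marks the value as base64-encoded."""
    line = f"{name}:: {base64.b64encode(value).decode()}"
    # LDIF folding: continuation lines start with exactly one space.
    parts = [line[:width]] + [" " + line[i:i + width - 1]
                              for i in range(width, len(line), width - 1)]
    return "\n".join(parts)


def parse_ldif_attr(text: str) -> tuple[str, bytes]:
    """Unfold a single LDIF attribute and return (name, raw value bytes)."""
    unfolded = ""
    for l in text.splitlines():
        unfolded += l[1:] if l.startswith(" ") else l
    name, _, rest = unfolded.partition(":")
    if rest.startswith(":"):             # 'attr:: b64' -> binary value
        return name, base64.b64decode(rest[1:].strip(), validate=True)
    return name, rest.strip().encode()   # 'attr: text' -> value kept as text


if __name__ == "__main__":
    print(ldif_attr("userCertificate;binary", pem_to_der(SAMPLE_PEM)))
```

The line breaks in the printed output are LDIF folding only; after unfolding and base64 decoding, the value is the same DER byte string that was stored.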