On Wed, Mar 04, 2020 at 02:12:30PM -0000, Hristina Marosevic wrote:
On Wed, Mar 04, 2020 at 07:29:14AM -0000, Hristina Marosevic wrote:
Hi,
with 'ldap_user_ssh_public_key = userCertificate' this should work, i.e. calling 'sss_ssh_authorizedkeys testUser7' should return the ssh key from above. If there is no output I need the SSSD ssh and domain logs to understand why this fails.
Yes, this is working, but this is only an exported private key and no certificate is sither stored in the LDAP's entry or used by SSSD.
Are the line break added by you or is this the real output? For certificates you have to user 'userCertificate;binary' and store the certificates as binaries in LDAP. When you use the ldapsearch command the output should be:
userCertificate;binary:: MIIGMTCC....
Please note the '::' which indicates that the attribute value is a binary and that it is encoded in base64 to be able to print the output.
The lines don't exist in the LDAP entry. Is the .cer x509 compatible format for storing into LDAP's attribute userCertificate;binary? As I know, so far this is Base64 encoded format (pls correct me if I am wrong) And should I manually add "::" or the LDAP should do that after modifying the entry by adding the binary format of the user certificate? (when user certificate is added without "::" ldapsearch retrieves the user certificate only with "userCertificate;binary: MIIGMTCC...."
Hi,
how do you add the certificate to the LDAP entry?
bye, Sumit
BR, Hristina _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o...