Thank you for the information. I can use these options (OCSP URL, trust cert location) once I
make SSSD derive public keys from the user certificate, which is a problem that I cannot
solve so far.
The default mapping of the user certificate is from the userCertificate;binary LDAP attribute
to the SSSD option ldap_user_certificate, but when I have only the certificate in the LDAP
entry (and not also the public key, as a value of another attribute of the entry, later
configured in sssd), the key is not derived. Another combination that I have tried is
storing the user certificate in the userCertificate;binary attribute and storing the
exported public key as a value of another LDAP attribute, but it didn't prove to be a
solution. This is because I experimented with cases with a different public key and
user certificate for one user, and the user was accepted without problem, which means that
SSSD did not validate the public key against the user certificate provided by LDAP.
Can you please give me instructions on how to configure SSSD to derive the public key from
a user certificate (I would like to store only the user certificate in LDAP, not the user
certificate and the exported public key, if possible)?
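
A check for the mismatch described in the message above, as an added example that is not part of the original post and is not SSSD code: it compares the public key embedded in a certificate with a separately stored key and rejects a pair that does not belong together. It assumes both are PEM files (the stored key as a SubjectPublicKeyInfo export) and that `openssl` is installed; the function names, file names and sample keys are constructed for the example.

```shell
#!/bin/sh
# Added example: compare a certificate's public key with a separately stored key.
# Assumption: both files are PEM; the stored key is a SubjectPublicKeyInfo
# ("BEGIN PUBLIC KEY") export. All function and file names are hypothetical.

# Write the DER SubjectPublicKeyInfo of file $2 (kind $1: cert|key) to $3.
spki_der() {
    case "$1" in
        cert) openssl x509 -in "$2" -noout -pubkey 2>/dev/null |
                  openssl pkey -pubin -outform DER -out "$3" 2>/dev/null ;;
        key)  openssl pkey -pubin -in "$2" -outform DER -out "$3" 2>/dev/null ;;
    esac
    [ -s "$3" ]   # unparsable input leaves no usable output, so fail closed
}

# Return 0 if key $2 is the key certified by $1, 1 on mismatch, 2 on parse error.
key_matches_cert() {
    kmc_tmp=$(mktemp -d) || return 2
    kmc_rc=2
    if spki_der cert "$1" "$kmc_tmp/c.der" && spki_der key "$2" "$kmc_tmp/k.der"; then
        if cmp -s "$kmc_tmp/c.der" "$kmc_tmp/k.der"; then kmc_rc=0; else kmc_rc=1; fi
    fi
    rm -rf "$kmc_tmp"
    return "$kmc_rc"
}

# Constructed sample data: two throwaway EC key pairs and one self-signed
# certificate for key "a" only.
make_samples() {
    for n in a b; do
        openssl ecparam -name prime256v1 -genkey -noout -out "$1/$n.key" &&
        openssl pkey -in "$1/$n.key" -pubout -out "$1/$n.pub" || return 1
    done
    openssl req -x509 -new -key "$1/a.key" -subj "/CN=constructed-user" \
        -days 1 -out "$1/a.crt" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir" || exit 1
key_matches_cert "$demo_dir/a.crt" "$demo_dir/a.pub" && echo "a.pub: matches certificate"
key_matches_cert "$demo_dir/a.crt" "$demo_dir/b.pub" || echo "b.pub: MISMATCH, reject"
```

The comparison is on the re-encoded DER key, so differences in PEM line wrapping or headers do not cause false mismatches.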