2013/3/19 Jakub Hrozek <jhrozek@redhat.com>
On Tue, Mar 19, 2013 at 01:56:20PM -0400, Mathieu Lemoine wrote:
> Hello,
>
> I have sssd 1.9.4 (from
> https://launchpad.net/~nicholas-hatch/+archive/auth/+packages) configured
> on an OpenLDAP server.
> getent passwd, getent group, authentication and cache are working great.
>
> My issue now lies with the SSH public key.
>
> My user has the ldapPublicKey objectClass, and the key is in the
> sshPublicKey attribute.
>
> sss_ssh_authorizedkeys is still returning "Error looking up public keys".
> An inquiry on the #sssd chan directed me to this mailing-list and more
> precisely to jcholast, I tried to check out the commits, but nothing seems
> to get out of it...

Full disclosure: I was the one who redirected Mathieu to you, Honza :-)

>
> If any of you had information regarding that, it'd be greatly appreciated.
> Mathieu.

I think as a first step, it would be nice to put debug_level=8 into the
[ssh] section of the sssd.conf file, restart the SSSD and then attach
the ssh responder logs (/var/log/sssd/sssd_nss.log).

Also the sssd.conf (sanitized if needed) would come in handy.
 
The sssd.conf is simple enough (I attached a cleaned version; I only changed the domain name and dc=* records for "office". Anyway, authentication and getent are working just fine, so the connection to my LDAP is not the issue).

Regarding the logs, with debug_level 10, I can see nothing related to ssh in sssd_nss.log. However, I have the following lines in sssd_office.log:

(Tue Mar 19 14:21:11 2013) [sssd[be[office]]] [sdap_attrs_add_ldap_attr] (0x2000): sshPublicKey is not available for [mlemoine].

(Got one per user every ten seconds)

However, sshPublicKey is in my user (mlemoine), which is also the only user with an sshPublicKey attribute.

Did I miss something?

Thanks for your help.