On Wed, Mar 04, 2020 at 07:29:14AM -0000, Hristina Marosevic wrote:
Hi,
with 'ldap_user_ssh_public_key = userCertificate' this should work, i.e.
calling 'sss_ssh_authorizedkeys testUser7' should return the ssh key
from above. If there is no output I need the SSSD ssh and domain logs to
understand why this fails.
Yes, this is working, but this is only an exported private key and no certificate is
either stored in the LDAP's entry or used by SSSD.
Are the line breaks added by you or is this the real output? For
certificates you have to use 'userCertificate;binary' and store the
certificates as binaries in LDAP. When you use the ldapsearch command
the output should be:
userCertificate;binary:: MIIGMTCC....
Please note the '::' which indicates that the attribute value is a
binary and that it is encoded in base64 to be able to print the output.
The lines don't exist in the LDAP entry.
Is the .cer x509 compatible format for storing into LDAP's attribute
userCertificate;binary? As I know, so far this is Base64 encoded format (pls correct me
if I am wrong).
And should I manually add "::" or the LDAP should do that after modifying the
entry by adding the binary format of the user certificate? (when user certificate is added
without "::" ldapsearch retrieves the user certificate only with
"userCertificate;binary: MIIGMTCC....")
BR,
Hristina
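
The ':' versus '::' distinction discussed in this thread can be checked mechanically on ldapsearch output. The following is an added example, not part of the original messages or of SSSD; the function names, the example DNs and the 20-byte sample blob are constructed for illustration, and the blob is not a real certificate.

```python
import base64

ATTR = "userCertificate;binary"
# Constructed sample: a 20-byte blob with a DER SEQUENCE header, not a real certificate.
FAKE_DER = bytes([0x30, 0x82, 0x00, 0x10]) + bytes(16)
B64 = base64.b64encode(FAKE_DER).decode()
SAMPLE = (
    "dn: uid=testUser7,ou=people,dc=example,dc=com\n"
    f"userCertificate;binary:: {B64[:10]}\n {B64[10:]}\n\n"
    "dn: uid=otherUser,ou=people,dc=example,dc=com\n"
    f"userCertificate;binary: {B64}\n"
)

def unfold(ldif_text):
    """Join LDIF continuation lines (a line starting with a single space)."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def looks_like_der(data):
    """A DER certificate is an ASN.1 SEQUENCE: tag 0x30, then a long-form length."""
    return len(data) > 4 and data[0] == 0x30 and data[1] in (0x81, 0x82, 0x83)

def classify(ldif_text, attr=ATTR):
    """Return (separator, verdict) for each value of attr in ldapsearch output."""
    results = []
    for line in unfold(ldif_text):
        if not line.lower().startswith(attr.lower() + ":"):
            continue
        rest = line[len(attr) + 1:]
        if rest.startswith(":"):
            # '::' means the stored value is binary and is shown base64-encoded.
            raw = base64.b64decode(rest[1:].strip())
            verdict = "binary DER" if looks_like_der(raw) else "binary, not DER"
            results.append(("::", verdict))
        else:
            # ':' means the stored value itself is printable text.
            try:
                raw = base64.b64decode(rest.strip(), validate=True)
            except ValueError:
                raw = b""
            verdict = ("base64 text stored as the value"
                       if looks_like_der(raw) else "plain text")
            results.append((":", verdict))
    return results
```

The two sample entries carry the same characters after the separator; only the '::' entry holds the binary value, while the ':' entry holds the base64 string itself as text.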