On Wed, Mar 04, 2020 at 07:29:14AM -0000, Hristina Marosevic wrote:
Hi,
with 'ldap_user_ssh_public_key = userCertificate' this should work, i.e. calling 'sss_ssh_authorizedkeys testUser7' should return the ssh key from above. If there is no output I need the SSSD ssh and domain logs to understand why this fails.
Yes, this is working, but this is only an exported private key and no certificate is sither stored in the LDAP's entry or used by SSSD.
Are the line break added by you or is this the real output? For certificates you have to user 'userCertificate;binary' and store the certificates as binaries in LDAP. When you use the ldapsearch command the output should be:
userCertificate;binary:: MIIGMTCC....
Please note the '::' which indicates that the attribute value is a binary and that it is encoded in base64 to be able to print the output.
The lines don't exist in the LDAP entry. Is the .cer x509 compatible format for storing into LDAP's attribute userCertificate;binary? As I know, so far this is Base64 encoded format (pls correct me if I am wrong) And should I manually add "::" or the LDAP should do that after modifying the entry by adding the binary format of the user certificate? (when user certificate is added without "::" ldapsearch retrieves the user certificate only with "userCertificate;binary: MIIGMTCC...."
BR, Hristina