On Sat, 19 Sep 2015, Jakub Hrozek wrote:
On 18 Sep 2015, at 19:17, Gustavo Mateus <gustavo.mat...@gmail.com> wrote:
That only shows this:
# extended LDIF
# base <cn=compat,dc=my,dc=domain,dc=com> with scope subtree
# requesting: ALL
# admin, users, compat, my.domain.com
Since sshPublicKey is not listed here, the ACIs still prevent you from
reading the attribute. You need to either bind as a user who has
permissions to read it or make the public key world-readable (I don't
think making it world-readable would be an issue since it's a pubkey)
Compat tree doesn't have ipaSSHPublicKey.
Why are you pointing to the compat tree instead of the normal one?
You should only use compat tree for two reasons:
- your POSIX client does not understand RFC2307bis
- your POSIX client does not use recent SSSD and you want to have trust to
Active Directory working.
For the rest of cases you should really point your POSIX clients to the
main subtree, not the compat one.
/ Alexander Bokovoy
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project