Hi, I'm running OpenLDAP 2.4.21 on FreeBSD. We do a lot of administration via phpLDAPAdmin, but I do some command-line stuff. And I've seen an inconsistency between the two in the ldapPublicKey object class.
When I look in phpLDAPAdmin, my SSH keys start like this:

ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAw9zmtbk8b...
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfZ/p...

If I do a ldapsearch, however, I get:

sshPublicKey:: c3NoLXJzYSBBQUFBQjNOemFD....
sshPublicKey: ssh-rsa AAAAB3NzaC1

The ssh-rsa or ssh-dss string is missing from all public keys except the last one displayed. The entries without a key type have a double colon. slapcat behaves like ldapsearch. But I have to believe that the key type information is in the database, somewhere, because phpLDAPAdmin reports it's there.

I didn't notice this while we used the LPK patch for our SSH servers, but we're now migrating to the official OpenSSH AuthorizedKeysCommand feature. I have a script to retrieve the keys, but my SSH servers only recognize the last key. They reject the others because they don't have a key type attached.

Any suggestions?

Thanks,
==ml

--
Michael W. Lucas http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/
Latest book: SSH Mastery http://www.michaelwlucas.com/nonfiction/ssh-mastery
[email protected], Twitter @mwlauthor
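Added example, not part of the original post or of any project it mentions: in LDIF (RFC 2849) a double colon after the attribute name marks a base64-encoded value, which the format requires for values that are not safe as plain text (for example one containing a newline), and long lines are folded with a leading space. The fragment quoted in the post, c3NoLXJzYSBBQUFBQjNOemFD, decodes to "ssh-rsa AAAAB3NzaC". The sketch below turns ldapsearch-style output into authorized_keys lines; the function names and the sample entry are constructed for illustration, and it assumes the stored values are text keys.

```python
import base64
import sys

def unfold(ldif_text):
    """Join folded LDIF lines: a line starting with one space continues the previous one."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def ssh_keys_from_ldif(ldif_text, attr="sshPublicKey"):
    """Return every value of `attr` as a plain authorized_keys line."""
    keys = []
    for line in unfold(ldif_text):
        name, sep, rest = line.partition(":")
        if not sep or line.startswith("#") or name.lower() != attr.lower():
            continue
        if rest.startswith(":"):      # "attr:: <base64>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        elif rest.startswith("<"):    # "attr:< <url>": value is stored elsewhere, skip it
            continue
        else:                         # "attr: <plain text>"
            value = rest
        # A decoded value may carry a trailing newline or other stray whitespace.
        keys.extend(k.strip() for k in value.splitlines() if k.strip())
    return keys

def make_sample():
    """Constructed entry: one base64-encoded, folded key and one plain-text key."""
    k1 = "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAexample1 alice@example\n"
    k2 = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQexample2 alice@example"
    first = "sshPublicKey:: " + base64.b64encode(k1.encode()).decode()
    folded = first[:40] + "\n " + first[40:]
    return ("dn: uid=alice,ou=people,dc=example,dc=com\n"
            + folded + "\nsshPublicKey: " + k2 + "\n")

if __name__ == "__main__":
    # Pipe ldapsearch output in on stdin; with no pipe, decode the constructed sample.
    text = make_sample() if sys.stdin.isatty() else sys.stdin.read()
    print("\n".join(ssh_keys_from_ldif(text)))
```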
