On 04/11/2013 02:04 PM, Mathieu Lemoine wrote:
> Hello,
>
> Me again. As promised, here is the link to the blog post:
> http://blog.mlemoine.name/2013/04/11/centralizing-server-access.html
>
> Enjoy! (Feedback is welcome and will be appreciated.)
>

Thank you for the pointer. Several comments:

s/SSSd/SSSD

Please remove enumeration. We ask people not to use enumeration up until it is really needed. So if you "really need it" please say that your case is somewhat odd. The enumeration creates a lot of burden on the server. The enumeration is needed only in the case when the servers you access run unattended for a long period of time with no one *ever* logging into them. If this is the case then enumeration is probably the right thing to do as this is the only way to sync up data and make it available before outage for the case of outage. However in most cases people log into the systems periodically. In this case the data is cached and the enumeration is really not needed.

Can you please augment it in the article? It is really important because people start to use enumerate = true and get into delays when they really do not need to use enumeration.

Also I am not sure that enumeration really affects the data that is needed for SSH integration. Can someone confirm that please?

"to read about this match, " did you mean "patch"?

Thanks
Dmitri

> Mathieu.
>
>
> 2013/3/25 Dmitri Pal <[email protected]>
>
> On 03/19/2013 01:52 PM, Mathieu Lemoine wrote:
>> Hello,
>>
>> I have sssd 1.9.4 (from
>> https://launchpad.net/~nicholas-hatch/+archive/auth/+packages)
>> configured on an OpenLDAP server.
>> getent passwd, getent group, authentication and cache is working
>> great.
>>
>> My issue now lies with the SSH public key.
>>
>> My user has the ldapPublicKey objectClass, and the key is in the
>> sshPublicKey attribute.
>>
>> sss_ssh_authorizedkeys is still returning "Error looking up
>> public keys".
>> An inquiry on the #sssd chan directed me to this mailing-list and
>> more precisely to jcholast, I tried to check out the commits, but
>> nothing seems to get out of it...
>>
>> If any of you had information regarding that, it'd be greatly
>> appreciated.
>> Mathieu.
>
> See the slide deck attached.
> I suspect the implementation assumes ipa schema not the one you
> mention. And the reason is that we have found other schemata limiting.
>
> HTH
>
>> _______________________________________________
>> sssd-users mailing list
>> [email protected]
>> https://lists.fedorahosted.org/mailman/listinfo/sssd-users
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager for IdM portfolio
> Red Hat Inc.
>
> -------------------------------
> Looking to carve out IT costs?
> www.redhat.com/carveoutcosts/

--
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
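An added example, not part of the thread or the blog post: a small audit of an sssd.conf that lists the active domains with `enumerate = true`, the setting discussed in the message above, and reports whether the `ssh` responder is enabled. The sample configuration, its domain names and the function name `audit_sssd_conf` are constructed for illustration.

```python
import configparser

# Constructed sample sssd.conf; the domain names are made up for this example.
SAMPLE_CONF = """
[sssd]
services = nss, pam, ssh
domains = example_ldap, batch_hosts

[domain/example_ldap]
id_provider = ldap
enumerate = true

[domain/batch_hosts]
id_provider = ldap
enumerate = false
"""


def audit_sssd_conf(text):
    """Return (active domains with enumeration on, True if the ssh responder is listed)."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    services = [s.strip() for s in cp.get("sssd", "services", fallback="").split(",")]
    active = [d.strip() for d in cp.get("sssd", "domains", fallback="").split(",")]
    enumerating = []
    for name in active:
        section = "domain/" + name
        if not name or not cp.has_section(section):
            continue
        # SSSD treats enumerate as FALSE when the option is absent.
        value = cp.get(section, "enumerate", fallback="false")
        if value.strip().lower() == "true":
            enumerating.append(name)
    return enumerating, "ssh" in services


if __name__ == "__main__":
    domains, ssh_enabled = audit_sssd_conf(SAMPLE_CONF)
    for name in domains:
        print("domain %s: enumerate = true, confirm it is really needed" % name)
    print("ssh responder enabled: %s" % ssh_enabled)
```
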
