Thanks Dmitri for the feedback. I made the modifications you asked for, including a disclaimer regarding enumerate. I wasn't aware of this issue by the way. So thank you.

From what I can make out of the logs I was given to read, I think SSSD actually fetches the SSH public key during the enumerate phase along with all the other LDAP fields.

BTW, please refer to the version I linked here and not the one on mentel.com, because this is the one I'll keep updating on a long-term basis. The company webmaster won't like having updates each time I find a neat trick to refine the config. And I do hope to include further tips on my blog as I keep working with SSSD (for example, I intend to take a look at the Kerberos integration some time in the future).

Mathieu.

2013/4/11 Dmitri Pal <[email protected]>

> On 04/11/2013 02:04 PM, Mathieu Lemoine wrote:
>
> Hello,
>
> Me again. As promised, here is the link to the blog post:
> http://blog.mlemoine.name/2013/04/11/centralizing-server-access.html
>
> Enjoy! (Feedback is welcome and will be appreciated.)
>
> Thank you for the pointer. Several comments
>
> s/SSSd/SSSD
>
> Please remove enumeration. We ask people not to use enumeration up until
> it is really needed. So if you "really need it" please say that your case
> is somewhat odd.
> The enumeration creates a lot of burden on the server. The enumeration is
> needed only in the case when the servers you access run unattended for a
> long period of time with no one *ever* logging into them. If this is the
> case then enumeration is probably the right thing to do as this is the only
> way to sync up data and make it available before outage for the case of
> outage.
> However in most cases people log into the systems periodically. In this
> case the data is cached and the enumeration is really not needed.
> Can you please augment it in the article? It is really important because
> people start to use enumerate = true and get into delays when they really
> do not need to use enumeration.
> Also I am not sure that enumeration really affects the data that is needed
> for SSH integration. Can someone confirm that please?
>
> "to read about this match, " did you mean "patch"?
>
> Thanks
> Dmitri
>
> Mathieu.
>
> 2013/3/25 Dmitri Pal <[email protected]>
>
>> On 03/19/2013 01:52 PM, Mathieu Lemoine wrote:
>>
>> Hello,
>>
>> I have sssd 1.9.4 (from
>> https://launchpad.net/~nicholas-hatch/+archive/auth/+packages)
>> configured on an OpenLDAP server.
>> getent passwd, getent group, authentication and cache are working great.
>>
>> My issue now lies with the SSH public key.
>>
>> My user has the ldapPublicKey objectClass, and the key is in the
>> sshPublicKey attribute.
>>
>> sss_ssh_authorizedkeys is still returning "Error looking up public keys".
>> An inquiry on the #sssd chan directed me to this mailing-list and more
>> precisely to jcholast, I tried to check out the commits, but nothing seems
>> to get out of it...
>>
>> If any of you had information regarding that, it'd be greatly
>> appreciated.
>> Mathieu.
>>
>> See the slide deck attached.
>> I suspect the implementation assumes ipa schema not the one you mention.
>> And the reason is that we have found other schemata limiting.
>>
>> HTH
>>
>> --
>> Thank you,
>> Dmitri Pal
>>
>> Sr. Engineering Manager for IdM portfolio
>> Red Hat Inc.
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager for IdM portfolio
> Red Hat Inc.

_______________________________________________
sssd-users mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
