Hello, 

Thank you for the information. I can use these options (OCSP URL, trust cert
location) once I make SSSD derive public keys from the user certificate, which
is a problem that I cannot solve so far.
The default mapping of the user certificate is from the userCertificate;binary
LDAP attribute to the SSSD option ldap_user_certificate, but when I have only
the certificate in the LDAP entry (and not the public key, also - as a value of
another attribute of the entry - later configured in sssd), the key is not
derived. Another combination that I have tried is storing the user certificate
in the userCertificate;binary attribute and storing the exported public key as
a value of another LDAP attribute, but it didn't prove to be a solution - this
is like that because I experimented with cases with a different public key and
user certificate for one user and the user was accepted without problem - which
means that SSSD did not validate the public key against the user certificate
provided by LDAP.

Can you please give me instructions on how to configure SSSD to derive the
public key from a user certificate (I would like to store only the user
certificate in LDAP, not the user certificate and the exported public key - if
possible)?


BR,
Hristina 