> On Wed, Mar 04, 2020 at 07:29:14AM -0000, Hristina Marosevic wrote: > > Hi, > > with 'ldap_user_ssh_public_key = userCertificate' this should work, i.e. > calling 'sss_ssh_authorizedkeys testUser7' should return the ssh key > from above. If there is no output I need the SSSD ssh and domain logs to > understand why this fails.
Yes, this is working, but this is only an exported private key and no certificate is sither stored in the LDAP's entry or used by SSSD. > Are the line break added by you or is this the real output? For > certificates you have to user 'userCertificate;binary' and store the > certificates as binaries in LDAP. When you use the ldapsearch command > the output should be: > > userCertificate;binary:: MIIGMTCC.... > > Please note the '::' which indicates that the attribute value is a > binary and that it is encoded in base64 to be able to print the output. > The lines don't exist in the LDAP entry. Is the .cer x509 compatible format for storing into LDAP's attribute userCertificate;binary? As I know, so far this is Base64 encoded format (pls correct me if I am wrong) And should I manually add "::" or the LDAP should do that after modifying the entry by adding the binary format of the user certificate? (when user certificate is added without "::" ldapsearch retrieves the user certificate only with "userCertificate;binary: MIIGMTCC...." BR, Hristina _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
