On Wed, Mar 04, 2020 at 02:12:30PM -0000, Hristina Marosevic wrote: > > On Wed, Mar 04, 2020 at 07:29:14AM -0000, Hristina Marosevic wrote: > > > > Hi, > > > > with 'ldap_user_ssh_public_key = userCertificate' this should work, i.e. > > calling 'sss_ssh_authorizedkeys testUser7' should return the ssh key > > from above. If there is no output I need the SSSD ssh and domain logs to > > understand why this fails. > > Yes, this is working, but this is only an exported private key and no > certificate is sither stored in the LDAP's entry or used by SSSD. > > > Are the line break added by you or is this the real output? For > > certificates you have to user 'userCertificate;binary' and store the > > certificates as binaries in LDAP. When you use the ldapsearch command > > the output should be: > > > > userCertificate;binary:: MIIGMTCC.... > > > > Please note the '::' which indicates that the attribute value is a > > binary and that it is encoded in base64 to be able to print the output. > > > > The lines don't exist in the LDAP entry. > Is the .cer x509 compatible format for storing into LDAP's attribute > userCertificate;binary? As I know, so far this is Base64 encoded format (pls > correct me if I am wrong) > And should I manually add "::" or the LDAP should do that after modifying the > entry by adding the binary format of the user certificate? (when user > certificate is added without "::" ldapsearch retrieves the user certificate > only with "userCertificate;binary: MIIGMTCC...."
Hi, how do you add the certificate to the LDAP entry? bye, Sumit > > BR, > Hristina > _______________________________________________ > sssd-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
