2013/3/19 Jakub Hrozek <jhrozek(a)redhat.com>
On Tue, Mar 19, 2013 at 01:56:20PM -0400, Mathieu Lemoine wrote:
> I have sssd 1.9.4 (from
> on an OpenLDAP server.
> getent passwd, getent group, authentication and cache are working great.
> My issue now lies with the SSH public key.
> My user has the ldapPublicKey objectClass, and the key is in the
> sshPublicKey attribute.
> sss_ssh_authorizedkeys is still returning "Error looking up public keys".
> An inquiry on the #sssd chan directed me to this mailing-list and more
> precisely to jcholast, I tried to check out the commits, but nothing
> to get out of it...
Full disclosure: I was the one who redirected Mathieu to you, Honza :-)
> If any of you had information regarding that, it'd be greatly
I think as a first step, it would be nice to put debug_level=8 into the
[ssh] section of the sssd.conf file, restart the SSSD and then attach
the ssh responder logs (/var/log/sssd/sssd_nss.log).
Also the sssd.conf (sanitized if needed) would come in handy.
The sssd.conf is simple enough (I attached a cleaned version, I only
changed the domain name and dc=* records for "office", anyway,
authentication and getent are working just fine, so the connection to my
LDAP is not the issue).
Regarding the logs, with debug_level 10, I can see nothing related to ssh
in sssd_nss.log. However, I have the following lines in sssd_office.log:
(Tue Mar 19 14:21:11 2013) [sssd[be[office]]] [sdap_attrs_add_ldap_attr]
(0x2000): sshPublicKey is not available for [mlemoine].
(Got one per user every ten seconds)
However, sshPublicKey is in my user (mlemoine), which is also the only user
with an sshPublicKey attribute.
Did I miss something?
Thanks for your help.