My Bad... And there we go, everything seems to be working just fine.
Thank you very much for your help!

I'll give it a rest for a couple of days to make sure the cache is working fine for my use case and then I'll document my experience in a blog post.
I hope this will be able to help others and prevent further stupid mistakes like mine!

Thanks again,

2013/3/20 Jan Cholasta <>
On 20.3.2013 15:41, Mathieu Lemoine wrote:

Thanks for all the messages.
I did add the ldap_user_public_key to sssd.conf, but it doesn't seem to
change anything.

In fact, sshPublicKey isn't even requested during the
ldap_search_ext/sdap_get_generic_ext_step call.

I tried to find information on IPA backend, but it seems quite unclear
what this would be.
Attached is an up-to-date sanitized sssd.conf.

If you have any other insight, I'd be glad to test them or provide
additional informations.


The option is named "ldap_user_ssh_public_key", not "ldap_user_public_key".


Jan Cholasta