Yeah, I know its deprecated, and since I doubt we have any users (yet) of it in Gentoo I dropped support for the old tool, and will only document the new one.
Basically, for passkey support, I need a schema that looks like this:
attributeTypes: ( passkey-oid NAME 'passkey' DESC 'Passkey mapping' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) objectclasses: ( passkeyUser-oid NAME 'passkeyUser' DESC 'Passkey user' AUXILIARY MAY passkey )
The "passKey user" objectClass can be added as an auxiliary class to the appropriate DN, which has the "passkey" member in the format SSSD expects. ("passkey":CredentialID,PEM)
Short of borrowing the IDP schema for passkeys, I don't see a good way of doing this. I don;t think either the FIDO2 or Yubico one will work for what SSSD is expecting.