OK: I found where my mistake was:

This is wrong:
>   ldap_user_ssh_public_key = True

This is the right config:
ldap_user_ssh_public_key = sshPublicKey

Now it works!

Thanks to Mathieu:
http://blog.mlemoine.name/2013/04/11/centralizing-server-access.html

And all

Best,

---
Olivier








2013/9/18 Olivier <ldap@guillard.nom.fr>
Hi everyone,

I found this thread about openldap-served ssh keys and sssd integration:
https://lists.fedorahosted.org/pipermail/sssd-users/2013-March/000442.html

then I subscribed to this list :-)

I am trying to make ssh retrieve my users' ssh keys from an openldap directory,
but I am stuck at some point: could anyone help?

Here is where I am:

1- I have loaded "openssh-lpk_openldap.schema" in openldap

2- I have configured my account in the directory to know about the
    "sshPublicKey" attribute, and I have inserted my key:

# ldapsearch -x -h localhost -b dc=guillard,dc=corp  "(uid=olivier)" sshPublicKey

dn: uid=olivier,dc=guillard,dc=corp
sshPublicKey: ssh-dss AAAAB3NzaC1kc3MAAAEBAKXF
.....
BaO51jw8RUAt1u5QDa3UQiQ6X8Vq0j2MUh3LeXfk= guillard@corp

3- I have also configured sssd to tell it to look up ssh keys in ldap:

# cat /etc/sssd/sssd.conf:

   [domain/default]

    ... (the conf is correct: everything works fine for logins/passwords for example)

    # I have added this in the default/section
   ldap_user_ssh_public_key = True

   [sssd]
   services = nss, pam, ssh
   domains = default

   [nss]

   [pam]

   [ssh]

4- I have restarted sssd (I get no error)

And now I'm stuck

# /usr/bin/sss_ssh_authorizedkeys olivier

  -> does not return anything

Could anyone help: what have I forgotten?

Any indication about what I should add in ssh_config to tell
sshd to look for keys in sssd cache would also help.

Thanks!

---
Olivier
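
A check for the mistake described in this thread, as an added example that is not part of the original messages or of sssd: it parses sssd.conf text and flags `ldap_user_ssh_public_key` set to a boolean instead of an LDAP attribute name, as well as an `[sssd]` services line without `ssh`. The function name and both sample configurations are constructed for illustration.

```python
import configparser
import re

OPTION = "ldap_user_ssh_public_key"
# Values that read as an on/off switch instead of an LDAP attribute name.
BOOLEAN_LIKE = {"true", "false", "yes", "no", "on", "off", "1", "0"}
# LDAP attribute descriptor: a letter, then letters, digits or hyphens.
ATTR_NAME = re.compile(r"^[A-Za-z][A-Za-z0-9-]*$")

# Constructed sample reproducing the setting reported as wrong in the thread.
BROKEN_CONF = """\
[domain/default]
id_provider = ldap
ldap_user_ssh_public_key = True

[sssd]
services = nss, pam, ssh
domains = default

[ssh]
"""
# Constructed sample with the value reported as working.
FIXED_CONF = BROKEN_CONF.replace("= True", "= sshPublicKey")

def _csv(value):
    return [item.strip() for item in value.split(",") if item.strip()]

def check_sssd_ssh_keys(conf_text):
    """Return findings (strings) about SSH key lookup in sssd.conf text."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    findings = []
    if "ssh" not in _csv(cp.get("sssd", "services", fallback="")):
        findings.append("[sssd] services does not include ssh")
    for domain in _csv(cp.get("sssd", "domains", fallback="")):
        section = "domain/" + domain
        if not cp.has_section(section):
            findings.append("[%s] section is missing" % section)
            continue
        value = cp.get(section, OPTION, fallback=None)
        if value is None:
            continue  # unset: this sketch only judges explicit values
        value = value.strip()
        if value.lower() in BOOLEAN_LIKE:
            findings.append("[%s] %s = %s is a boolean, not an attribute name"
                            % (section, OPTION, value))
        elif not ATTR_NAME.match(value):
            findings.append("[%s] %s = %s is not a valid attribute name"
                            % (section, OPTION, value))
    return findings
```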