2013/3/19 Jakub Hrozek <jhrozek@redhat.com>
On Tue, Mar 19, 2013 at 07:15:21PM +0100, Jakub Hrozek wrote:
> On Tue, Mar 19, 2013 at 01:56:20PM -0400, Mathieu Lemoine wrote:
> > Hello,
> >
> > I have sssd 1.9.4 (from
> > https://launchpad.net/~nicholas-hatch/+archive/auth/+packages) configured
> > on an OpenLDAP server.
> > getent passwd, getent group, authentication and cache are working great.
> >
> > My issue now lies with the SSH public key.
> >
> > My user has the ldapPublicKey objectClass, and the key is in the
> > sshPublicKey attribute.
> >
> > sss_ssh_authorizedkeys is still returning "Error looking up public keys".
> > An inquiry on the #sssd chan directed me to this mailing-list and more
> > precisely to jcholast, I tried to check out the commits, but nothing seems
> > to get out of it...
> Full disclosure: I was the one who redirected Mathieu to you, Honza :-)
> >
> > If any of you had information regarding that, it'd be greatly appreciated.
> > Mathieu.
> I think as a first step, it would be nice to put debug_level=8 into the
> [ssh] section of the sssd.conf file, restart the SSSD and then attach
> the ssh responder logs (/var/log/sssd/sssd_nss.log).

Sorry, this is a copy-n-paste error. The *ssh* responder log is located

The path I copied was the *nss* responder log. Sorry again.
Ok, so first point, I didn't know I needed a sss responder for ssh (not mentioned anywhere as far as I know). Thanks for this.
I added ", ssh" to the "services" line and restarted sssd.

sss_ssh.log stays hopelessly empty even with debug_level 10 and I still have the sshPublicKey is not available in sss_office.log

However sss_ssh_authorizedkeys now doesn't return any error, just a big nothing...

Attached is the ldif of my user (I removed any sensitive information; anyway, the entry has been fetched using anonymous access, so passwords and such have been left aside).
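
Added example, not part of the original thread and not SSSD project code: a small check for the two sssd.conf settings discussed above, namely whether `ssh` is listed in the `services` line and whether `debug_level` is set in the `[ssh]` section. Both sample configurations are constructed; the domain name `office` is an assumption taken from the `sss_office.log` file name mentioned in the thread.

```python
import configparser

# Constructed sample: the state described before ", ssh" was added to "services".
SAMPLE_BEFORE = """\
[sssd]
services = nss, pam
domains = office

[domain/office]
id_provider = ldap
"""

# Constructed sample: after the change, with the debug level suggested in the thread.
SAMPLE_AFTER = """\
[sssd]
services = nss, pam, ssh
domains = office

[ssh]
debug_level = 8

[domain/office]
id_provider = ldap
"""


def check_ssh_responder(conf_text):
    """Return a list of findings; an empty list means both checks passed."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    findings = []
    # "services" is a comma-separated list in the [sssd] section.
    raw = cp.get("sssd", "services", fallback="")
    services = [s.strip() for s in raw.split(",")]
    if "ssh" not in services:
        findings.append("ssh responder not listed in [sssd] services")
    # has_option() is False when the [ssh] section itself is absent.
    if not cp.has_option("ssh", "debug_level"):
        findings.append("no debug_level set in [ssh] section")
    return findings


if __name__ == "__main__":
    for name, text in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(name, check_ssh_responder(text) or "ok")
```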