Dem slapd (cn=config) das openssh-lpk-Schema mit der objectClass ldapPublicKey und dem Attribut sshPublicKey hinzufügen:
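# Install the packaged openssh-lpk schema and convert it to cn=config LDIF.
# Chained with && so the conversion is skipped when the package install fails,
# instead of leaving a stale or empty .ldif behind for the ldapadd step.
apt-get install fusiondirectory-plugin-ssh-schema \
  && schema2ldif /etc/ldap/schema/fusiondirectory/openssh-lpk.schema \
       > /etc/ldap/schema/fusiondirectory/openssh-lpk.ldif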
((
#
# LDAP Public Key Patch schema for use with openssh-ldappubkey
# Author: Eric AUGE
#
# Based on the proposal of : Mark Ruijter
#
# Presumably the packaged openssh-lpk.schema (slapd .schema syntax), followed
# further down by its cn=config LDIF rendering as produced by schema2ldif.
# sshPublicKey holds the value sshd ultimately trusts for login, so the slapd
# ACL on this attribute deserves the same care as the one on userPassword:
# write access should be limited to the entry owner and administrators.
# octetString SYNTAX
attributetype ( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey'
DESC 'MANDATORY: OpenSSH Public key'
EQUALITY octetStringMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
# printableString SYNTAX yes|no
# No SINGLE-VALUE flag above: sshPublicKey is multi-valued, one key per value.
# AUXILIARY, so the class can be attached to an existing user entry.
objectclass ( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' SUP top AUXILIARY
DESC 'MANDATORY: OpenSSH LPK objectclass'
MAY ( sshPublicKey $ uid )
)
# cn=config form of the same schema, loaded with ldapadd over ldapi.
# NOTE(review): in LDIF a wrapped value continues on lines that start with one
# space; the DESC/EQUALITY/SYNTAX/MAY lines below appear to have lost that
# leading space in this rendering — the file written by schema2ldif keeps it.
dn: cn=openssh-lpk,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: openssh-lpk
#
# LDAP Public Key Patch schema for use with openssh-ldappubkey
# Author: Eric AUGE
#
# Based on the proposal of : Mark Ruijter
#
# octetString SYNTAX
olcAttributeTypes: ( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey'
DESC 'MANDATORY: OpenSSH Public key'
EQUALITY octetStringMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
# printableString SYNTAX yes|no
olcObjectClasses: ( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' SUP top AUXILIARY
DESC 'MANDATORY: OpenSSH LPK objectclass'
MAY ( sshPublicKey $ uid )
)
))
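# Load the schema into cn=config over the local socket. SASL EXTERNAL on ldapi
# authenticates by peer uid; with Debian's default cn=config ACL that means
# this must run as root. The ldapsearch afterwards confirms the schema entry
# exists — cn=config prefixes the cn with an {index}, hence the wildcard.
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/fusiondirectory/openssh-lpk.ldif \
  && ldapsearch -Q -Y EXTERNAL -H ldapi:/// -LLL -b cn=schema,cn=config '(cn=*openssh-lpk)' dn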
Dem Benutzer den öffentlichen SSH-Schlüssel (Attribut sshPublicKey) hinzufügen:
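# Write the LDIF that attaches the ldapPublicKey objectClass and the SSH public
# key(s) to the user's entry. $USERNAME and $DOMAIN (the base DN) must be set
# in the environment; the heredoc is deliberately unquoted so they expand.
# The original used "cat < add-sshPublicKey.ldif", which reads the file rather
# than writing it — the LDIF terminator shows a heredoc redirected into the
# file was intended.
# Each non-comment, non-empty line of authorized_keys becomes its own
# sshPublicKey value: a single $(cat ...) splices a multi-key file into one
# value and yields invalid LDIF as soon as the file holds more than one key.
# NOTE(review): "add: objectClass" fails with "Type or value exists" if the
# entry already carries ldapPublicKey; drop that part of the change then.
# Apply the file with ldapmodify using an identity whose slapd ACL allows
# writing sshPublicKey on this entry — anyone who can write this attribute can
# log in as the user, so keep that ACL as tight as the one for userPassword.
{
  cat <<LDIF
dn: uid=$USERNAME,ou=people,$DOMAIN
changeType: modify
add: objectClass
objectClass: ldapPublicKey
-
add: sshPublicKey
LDIF
  grep -Ev '^[[:space:]]*(#|$)' ~/.ssh/authorized_keys | sed 's/^/sshPublicKey: /'
} > add-sshPublicKey.ldif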
sssd konfigurieren (ssh-Responder aktivieren, damit sss_ssh_authorizedkeys die Schlüssel liefern kann):
…
[sssd]
…
# The ssh responder must be enabled so /usr/bin/sss_ssh_authorizedkeys can
# fetch sshPublicKey values through sssd. NOTE(review): sssd refuses to start
# unless sssd.conf is root-owned with mode 0600 — re-check after editing.
services = nss, pam, ssh
…
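# Validate the configuration first; sssctl exits non-zero on errors, so a
# broken sssd.conf never takes the running daemon down with it (which would
# also break NSS/PAM lookups, not just SSH keys).
sssctl config-check && service sssd restart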
sshd konfigurieren (Schlüssel über sssd aus LDAP abfragen statt nur aus ~/.ssh/authorized_keys):
…
# sshd asks sssd for the user's keys (the sshPublicKey values from LDAP).
# With no arguments given, sshd passes the target username as the sole
# argument. AuthorizedKeysFile is still consulted unless set to "none".
# sshd requires the command to be root-owned and not group/world-writable.
AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys
# The account sshd runs the command as. NOTE(review): sshd_config(5)
# recommends a dedicated account with no other role on the host rather than
# the shared "nobody"; the command only needs to reach sssd's socket, so any
# unprivileged user works.
AuthorizedKeysCommandUser nobody
…
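# Syntax-check sshd_config before restarting; a typo in the new directives
# would otherwise leave sshd down. Keep an existing session open while testing
# the LDAP key lookup so a broken lookup does not lock you out.
sshd -t && service ssh restart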