Gentoo Forums
LDAP PKI/OpenSSH
Skillshot
n00b
Joined: 20 Nov 2002
Posts: 70
Location: KA, Germany

Posted: Wed Dec 06, 2006 2:37 pm    Post subject: LDAP PKI/OpenSSH

Hi there,

After searching for a solution for quite a while, I'm hoping to get some help here:

I set up an OpenLDAP server for authentication/authorisation of my users and now I'm trying to use LDAP for public key distribution. I can see the queries from sshd in the log file, but when it comes to

(&(objectClass=posixGroup)(dn=cn=users,ou=Group,dc=myserver,dc=de))

the query returns nothing.

The users group does exist:
# ldapsearch -LLL "(&(objectClass=posixGroup)(cn=users))"

dn: cn=users,ou=Group,dc=myserver,dc=de
gidNumber: 100
cn: users
userPassword:: XXXXXXXX
objectClass: posixGroup
objectClass: top
memberUid: bregen

Maybe someone here can help me understand what's (not ;)) happening ...

Versions:
openldap-2.3.27-r3 on the server
openssh-4.4_p1-r6 on the client

Thx, Skillshot
vad3r
Guru
Joined: 02 May 2004
Posts: 461
Location: Munich, Germany

Posted: Thu Dec 07, 2006 12:05 pm

If I get you right, you want sshd to authenticate your users with keys located in your LDAP directory. Therefore you need to change your users in the directory. Here's one of my users:

Code:
dn: uid=John Doe,ou=users,c=de,dc=company,dc=com
cn: John Doe
...
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
objectClass: ldapPublicKey
....
sshPublicKey: ssh-dss AAAAB3NzaC1kc3MAAACBAMtrhifA4PfzU2ZvM2+jTbfRxm0X9S+Edc
 PleJ8Wy51IVjx8aRJ0iQe1Sy39X8m47OfweFzVp1X8xYSjtxC61NBkeWBbnqiBIMEs63gTE1tHh
 2Dw/k2EMnl5qbW2y4xabQqgTMjVRv2x6adJr6Wnu+FlUwAe3B+zn7RdvSOxjc1dAAAAFQCP9rQe
 pn/I2k1E4M8L2k............................................................................... john.doe@my-company.com
...

After updating your users this way and configuring ssh to query the right LDAP subtree, everything should work as expected. You can even add multiple keys per user (I have a lot of users with more than one key).
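As an added example (not code from this thread, and not the LPK patch's own code): the script below takes the LDIF that ldapsearch prints for a user set up the way the reply above describes (objectClass ldapPublicKey, one or more sshPublicKey values), unfolds the space-prefixed continuation lines that ldapsearch produces for long values, decodes `::` base64 attributes, and returns the keys in authorized_keys form. Before accepting a key it checks that the base64 blob really starts with the declared key type, which catches truncated or garbled directory values. The user entries, key material and the fold helper are constructed for the example; the uid/objectClass layout is an assumption about how the directory is laid out.

```python
"""Turn the LDIF that ldapsearch prints for a user into authorized_keys lines.
Added example, not code from the thread or from the LPK patch. It assumes user
entries carry objectClass ldapPublicKey and sshPublicKey attributes, as in the
reply above. All entries and keys below are constructed sample data.
"""
import base64
import struct

def _ssh_string(b: bytes) -> bytes:
    """SSH wire 'string': uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(b)) + b

def _mpint(n: int) -> bytes:
    """SSH wire 'mpint': minimal big-endian bytes, leading zero if the top bit is set."""
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return _ssh_string(b"\x00" + raw if raw and raw[0] & 0x80 else raw)

def make_key_line(ktype: str, fields: list, comment: str) -> str:
    """Build '<type> <base64 blob> <comment>'; the blob begins with the type string."""
    blob = _ssh_string(ktype.encode()) + b"".join(fields)
    return f"{ktype} {base64.b64encode(blob).decode()} {comment}"

# Constructed keys: a made-up RSA modulus and a fixed ed25519 point (not real keys).
RSA_KEY = make_key_line("ssh-rsa", [_mpint(65537), _mpint((1 << 1023) | 0x10001)], "jdoe@laptop")
ED_KEY = make_key_line("ssh-ed25519", [_ssh_string(b"\x42" * 32)], "jdoe@desktop")
# A corrupted value: the line claims ssh-rsa but carries the ed25519 blob.
TAMPERED_KEY = "ssh-rsa " + ED_KEY.split()[1] + " jdoe@bad"

def fold(line: str, width: int = 76) -> str:
    """Fold a long LDIF line as ldapsearch does: continuation lines start with one space."""
    chunks, rest = [line[:width]], line[width:]
    while rest:
        chunks.append(" " + rest[:width - 1])
        rest = rest[width - 1:]
    return "\n".join(chunks)

# Constructed 'ldapsearch -LLL' output: one user with three keys (the third stored
# base64-encoded with '::', as LDIF does for values that are not safe ASCII) and
# one user without the ldapPublicKey objectClass.
SAMPLE_LDIF = "\n".join([
    "dn: uid=jdoe,ou=users,dc=example,dc=com",
    "objectClass: inetOrgPerson",
    "objectClass: posixAccount",
    "objectClass: ldapPublicKey",
    "uid: jdoe",
    fold("sshPublicKey: " + RSA_KEY),
    fold("sshPublicKey: " + TAMPERED_KEY),
    fold("sshPublicKey:: " + base64.b64encode(ED_KEY.encode()).decode()),
    "",
    "dn: uid=nokeys,ou=users,dc=example,dc=com",
    "objectClass: posixAccount",
    "uid: nokeys",
    "",
])

def parse_ldif(text: str) -> list:
    """Parse LDIF into one {attribute: [values]} dict per record, unfolding
    continuation lines and decoding 'attr:: <base64>' values."""
    logical = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]          # continuation: drop the space, append
        else:
            logical.append(raw)
    records, attrs = [], {}
    for line in logical + [""]:
        if not line:                        # blank line terminates a record
            if attrs:
                records.append(attrs)
                attrs = {}
        elif not line.startswith("#"):
            name, _, value = line.partition(":")
            if value.startswith(":"):       # 'attr:: <base64>'
                value = base64.b64decode(value[1:].strip()).decode()
            attrs.setdefault(name, []).append(value.strip())
    return records

def key_is_well_formed(line: str) -> bool:
    """Accept '<type> <base64> [comment]' only if the blob really starts with <type>,
    rejecting truncated or garbled values and blobs stored under the wrong type."""
    parts = line.split()
    if len(parts) < 2:
        return False
    try:
        blob = base64.b64decode(parts[1], validate=True)
    except ValueError:                      # binascii.Error is a ValueError
        return False
    if len(blob) < 4:
        return False
    (tlen,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + tlen] == parts[0].encode()

def authorized_keys_for(ldif_text: str, uid: str) -> list:
    """sshPublicKey values of the entry with this uid, in authorized_keys form.
    Entries without objectClass ldapPublicKey yield nothing; malformed values are skipped."""
    keys = []
    for rec in parse_ldif(ldif_text):
        if uid in rec.get("uid", []) and "ldapPublicKey" in rec.get("objectClass", []):
            keys.extend(k for k in rec.get("sshPublicKey", []) if key_is_well_formed(k))
    return keys
```

Printing `"\n".join(authorized_keys_for(SAMPLE_LDIF, "jdoe"))` gives the two well-formed keys and drops the tampered one; the `nokeys` entry yields nothing because it lacks the ldapPublicKey objectClass. The same parsing would apply to real `ldapsearch -LLL` output piped in from a query on the user's subtree.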