On Tue, 7 May 2013, Vishesh kumar wrote:
> I think here "User Information" will be fetched from LDAP. OpenSSH will use library calls for getting LDAP user information, the same as it does for users in /etc/passwd. Key-based authentication will work in the normal way, but I am interested to see if the key can be stored on the LDAP server.
[[This is not really OpenLDAP related, so I've set replies to me instead of the list.]]
As of OpenSSH 6.2, released on March 22, 2013:
* sshd(8): Added a sshd_config(5) option AuthorizedKeysCommand to support fetching authorized_keys from a command in addition to (or instead of) from the filesystem. The command is run under an account specified by an AuthorizedKeysCommandUser sshd_config(5) option.
So, you can configure sshd to run a script which invokes ldapsearch and munges the output into the expected format. No need to hack ldap calls directly into sshd.
Philip Guenther
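
An added example (not part of the original message, and not code from OpenSSH or OpenLDAP) of the kind of script described above: it validates the login name, queries LDAP with ldapsearch, and turns the LDIF into authorized_keys lines. The `sshPublicKey` attribute, the `uid` match, the anonymous bind, and the `LDAP_URI` / `LDAP_BASE` values are assumptions.

```shell
#!/bin/sh
# Added example, not from the original message. Assumptions: keys are stored
# in an "sshPublicKey" attribute, accounts match on "uid", anonymous simple
# bind is allowed, and LDAP_URI / LDAP_BASE are placeholders.
LC_ALL=C; export LC_ALL
LDAP_URI="${LDAP_URI:-ldaps://ldap.example.org}"
LDAP_BASE="${LDAP_BASE:-ou=People,dc=example,dc=org}"

# Accept only conservative login names, so the name sshd passes in cannot
# change the LDAP search filter it is interpolated into.
valid_user() {
    case "$1" in
        ''|-*|*[!a-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# LDIF on stdin -> one authorized_keys line per sshPublicKey value.
# Unfolds continuation lines and decodes base64 ("attr:: value") values.
ldif_to_keys() {
    awk '
        /^ / { buf = buf substr($0, 2); next }
        { if (buf != "") print buf; buf = $0 }
        END { if (buf != "") print buf }
    ' | while IFS= read -r line; do
        case "$line" in
            sshPublicKey::\ *)
                printf '%s\n' "$(printf '%s' "${line#sshPublicKey:: }" | base64 -d)" ;;
            sshPublicKey:\ *)
                printf '%s\n' "${line#sshPublicKey: }" ;;
        esac
    done
}

fetch_keys() {
    valid_user "$1" || return 1
    ldapsearch -x -LLL -H "$LDAP_URI" -b "$LDAP_BASE" \
        "(&(objectClass=posixAccount)(uid=$1))" sshPublicKey | ldif_to_keys
}

# Constructed sample LDIF (fake keys): one folded value, one base64 value.
sample_ldif() {
    printf '%s\n' 'dn: uid=alice,ou=People,dc=example,dc=org' \
        'sshPublicKey: ssh-ed25519 AAAAC3Nza' \
        ' C1lZDI1NTE5-constructed alice@laptop' \
        "sshPublicKey:: $(printf '%s' 'ssh-rsa AAAAB3Nz-constructed alice@desk' | base64)"
}

# sshd runs the command with the login name as its argument.
[ "$#" -eq 0 ] || fetch_keys "$1"
```

Point `AuthorizedKeysCommand` at the installed script and set `AuthorizedKeysCommandUser` to an unprivileged account that has no other role on the host. `sample_ldif | ldif_to_keys` exercises the parsing without an LDAP server.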