
Re: inconsistent sshPublicKey entries



On 02/12/2013 05:32 PM, Michael W. Lucas wrote:
Hi,

I'm running OpenLDAP 2.4.21 on FreeBSD. We do a lot of administration
via phpLDAPAdmin, but I do some command-line stuff. And I've seen an
inconsistency between the two in the ldapPublicKey object class.

When I look in phpLDAPAdmin, my SSH keys start like this:

ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAw9zmtbk8b...
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfZ/p...

If I do a ldapsearch, however, I get:

sshPublicKey:: c3NoLXJzYSBBQUFBQjNOemFD....
sshPublicKey: ssh-rsa AAAAB3NzaC1

The ssh-rsa or ssh-dss string is missing from all public keys except
the last one displayed. The entries without a key type have a double
colon.

slapcat behaves like ldapsearch.

But I have to believe that the key type information is in the
database, somewhere, because phpLDAPAdmin reports it's there.

I didn't notice this while we used the LPK patch for our SSH servers,
but we're now migrating to the official OpenSSH AuthorizedKeysCommand
feature. I have a script to retrieve the keys, but my SSH servers only
recognize the last key. It rejects the others because they don't have
a key type attached.

$ echo -n 'c3NoLXJzYSBBQUFBQjNOemFD' | base64 -d && echo ''
ssh-rsa AAAAB3NzaC

Likely there is something in the key that makes ldapsearch present it b64-encoded (likely a trailing space?)

p.


--
Pierangelo Masarati
Associate Professor
Dipartimento di Scienze e Tecnologie Aerospaziali
Politecnico di Milano
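An added example, not code from the thread or from OpenLDAP: the RFC 2849 rule that makes ldapsearch and slapcat switch to the `::` base64 form (a value ending in a space is one trigger), plus the reader an AuthorizedKeysCommand script needs so that folded and base64-encoded sshPublicKey lines come back as plain key lines. The DN and the truncated keys are constructed.

```python
import base64
LDIF_WIDTH = 76  # OpenLDAP's output line width; wrapped lines continue with a leading space

def needs_base64(value: str) -> bool:
    """RFC 2849 SAFE-STRING rule: base64-encode a value that starts with
    space, ':' or '<', ends with a space, or contains NUL, CR, LF or non-ASCII."""
    if not value:
        return False
    if value[0] in " :<" or value[-1] == " ":
        return True
    return any(ord(c) > 127 or c in "\0\r\n" for c in value)

def ldif_line(attr: str, value: str) -> str:
    """Emit one attribute line as ldapsearch/slapcat would: '::' + base64 when
    the value is not safe, then folded at LDIF_WIDTH with ' ' continuations."""
    if needs_base64(value):
        line = f"{attr}:: {base64.b64encode(value.encode()).decode()}"
    else:
        line = f"{attr}: {value}"
    parts = [line[:LDIF_WIDTH]]
    parts += [" " + line[i:i + LDIF_WIDTH - 1]
              for i in range(LDIF_WIDTH, len(line), LDIF_WIDTH - 1)]
    return "\n".join(parts)

def ldif_values(ldif_text: str, attr: str) -> list:
    """Collect every value of `attr`: unfold continuation lines, decode '::'
    lines, and strip trailing whitespace so sshd sees a clean key line."""
    unfolded = []
    for line in ldif_text.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]       # continuation of the previous line
        else:
            unfolded.append(line)
    values = []
    for line in unfolded:
        if line.startswith(attr + ":: "):
            values.append(base64.b64decode(line[len(attr) + 3:]).decode())
        elif line.startswith(attr + ": "):
            values.append(line[len(attr) + 2:])
    return [v.rstrip() for v in values]

# Constructed, truncated sample keys (not the poster's real values); the first
# carries the trailing space the thread suspects, so it comes out as '::'.
KEY_WITH_SPACE = "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAw9zmtbk8b "
KEY_CLEAN = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfZ/p"
SAMPLE_LDIF = "\n".join([
    "dn: uid=alice,ou=people,dc=example,dc=org",
    "objectClass: ldapPublicKey",
    ldif_line("sshPublicKey", KEY_WITH_SPACE),
    ldif_line("sshPublicKey", KEY_CLEAN),
])
```

Fixing the stored value (removing the trailing space) makes the `::` form go away; the reader above is what keeps the AuthorizedKeysCommand output correct either way.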