#3598 [RFE] Allow sssd to read the certificate attributes instead of blob look-up against the LDAP
Closed: duplicate 3 years ago Opened 4 years ago by jhrozek.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1521083

Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.

Description of problem:

Clients are running RHEL 7.4 and Active Directory as identity provider for

Smartcards deployed in AD and would like to use them for authentication.

Configured everything according to this SSSD documentation:

It works and user can authenticate with the smartcard.

However we would like to setup things without the need to publish user
certificate in LDAP entry.

If we do not publish the user certificate in LDAP entry, the user is not
prompted for PIN and the authentication does not work.

Metadata Update from @jhrozek:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1521083

4 years ago

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 2.0

4 years ago

Metadata Update from @jhrozek:
- Issue priority set to: major

4 years ago

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 2.1 (was: SSSD 2.0)

3 years ago

Hi @jhrozek,

I think this can be closed as duplicate of #3500, do you agree or do you think there is an aspect here which is missing in #3500?


I agree with closing. I didn't even know we had a separate ticket.

Metadata Update from @jhrozek:
- Issue close_status updated to: duplicate
- Issue status updated to: Closed (was: Open)

3 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/4621

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.