Thank you for the ticket.

I think the sssd-ldap manual page has a better explanation where it says:

           Examples:

           ldap_user_extra_attrs = telephoneNumber

           Save the “telephoneNumber” attribute from LDAP as “telephoneNumber” to the cache.

           ldap_user_extra_attrs = phone:telephoneNumber

           Save the “telephoneNumber” attribute from LDAP as “phone” to the cache.

If you think it would make the documentation clearer, I can amend also the sssd.conf docs to say something like the sssd-ldap manual page says.

That would be great! It's also not entirely clear to me if I have to put something in ldap_user_extra_attrs to use it from eg ldap_user_ssh_public_key.

OK, let me send a PR. But I don't understand your use case with the public key, can you explain in better to me, please?

I'm trying to have sss_ssh_authorizedkeys query against a user's sshPubKeys attribute (as from openssh-ldap-publickey) instead of ipaSshPubKey.

Then just setting ldap_user_ssh_public_key = sshPubKeys should do what you want.

btw the user ssh public key is already fetched by default. You don't have to add it to the extra attributes list. The extra attribtues list is mostly useful if you use the D-Bus API and want to access some attributes that sssd doesn't fetch by default already.

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/4849

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.