[geloest] ssh ldap

[sharbich]

Hallo Ihr Lieben,

ich versuche die OpenSSH LDAP public key authentifizierung zu kompilieren nach folgender Anleitung:

http://d.palmtb.net/2013/06/20/applying ... heezy.html leider ohne Erfolg. Nach dpkg-buildpackage bricht mein Build immer mit folgender Fehlermeldung ab:

Code: Alles auswählen

../auth-rsa.c:186:25: error: request for member 'num' in something not a struktur or union
../auth-rsa.c:189:15: error: request for member 'keys' in something not a structure or union
../auth-rsa.c:249:4: warning: implicit declaration of function 'ldap_keys_free' [-Wimplicit-function-declaration]
../auth-rsa.c:256:59: error: 'ServerOptions' has no member named 'lpk'
make[2]: *** [auth-rsa.o] Fehler 1
make[2]: *** Warte auf noch nicht beendete Prozesse ...
make[2]: Leaving directory '/tmp/openssh-6.0p1'
make[1]: *** [override_dh_auto_build] Fehler 2
make[1]: Leaving directory '/tmp/openssh-6.0p1'
make: *** [build] Fehler 2
dpkg-buildpackage: Fehler-Exitstatus von debian/rules build war 2

und das ganze versuche ich seit ca. einer Woche zum laufen zu bringen. Ich bin einfach nur ratlos...
Lieben Gruß von Stefan Harbich

[Cae]

Ich behaupte mal, du machst was falsch:

Code: Alles auswählen

$ file build-deb/sshd
build-deb/sshd: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.26, BuildID[sha1]=0xa398bf0e1ab71f8ffe3c7bc0bef0a23bd952ee11, not stripped

dpkg-buildpackage fliegt bei mir auch mit ret=1 auf die Nase, aber das liegt vermutlich daran, dass ich keine "bitte nicht signieren"-Flags uebergeben habe.

Code: Alles auswählen

$ fakeroot debian/rules binary -j5

mit

Code: Alles auswählen

$ dpkg --print-architecture 
amd64

laeuft einwandfrei durch.

Nun zu deiner Situation: Die Typen fuer num und keys werden eigentlich in ldapauth.h festgelegt, ldap_keys_free stammt aus ldapauth.c. Dazu wuerde passen, dass der Patch kaputt ist, was der verlinkte Blogger mit "Modify failed to patch." meint. Entsprechend muss man haendisch nachpatchen, wie die beiden darunter stehenden Diffs von version.h und Makefile.in zeigen. In besagter Makefile.in schlaegt eben das Linken von ldapauth.o fehl, was allerdings nicht zu deinem Fehler passt:

Code: Alles auswählen

$ sed -i 's/ldapauth\.o//' Makefile.in
$ debian/rules clean
...
$ fakeroot debian/rules binary -j5
...
gcc -o ssh-keygen ssh-keygen.o -L. -Lopenbsd-compat/  -fstack-protector-all -Wl,--as-needed -fPIE -pie -Wl,-z,relro -Wl,-z,now -lssh -lopenbsd-compat -lcrypto -ldl -lutil -lz -lnsl  -lldap -lcrypt -lresolv -Wl,-z,relro -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err
sshd.o: In function `main':
/tmp/tmp.bfzobujWoq/openssh-6.0p1/build-deb/../sshd.c:1584: undefined reference to `ldap_parse_lconf'
/tmp/tmp.bfzobujWoq/openssh-6.0p1/build-deb/../sshd.c:1586: undefined reference to `ldap_connect'
auth-rsa.o: In function `rsa_key_allowed_in_file':
/tmp/tmp.bfzobujWoq/openssh-6.0p1/build-deb/../auth-rsa.c:184: undefined reference to `ldap_ismember'
/tmp/tmp.bfzobujWoq/openssh-6.0p1/build-deb/../auth-rsa.c:185: undefined reference to `ldap_getuserkey'
/tmp/tmp.bfzobujWoq/openssh-6.0p1/build-deb/../auth-rsa.c:249: undefined reference to `ldap_keys_free'
servconf.o: In function `process_server_config_line':
/tmp/tmp.bfzobujWoq/openssh-6.0p1/build-deb/../servconf.c:1552: undefined reference to `ldap_parse_servers'
/tmp/tmp.bfzobujWoq/openssh-6.0p1/build-deb/../servconf.c:1603: undefined reference to `ldap_parse_groups'
auth2-pubkey.o: In function `user_key_allowed2':
/tmp/tmp.bfzobujWoq/openssh-6.0p1/build-deb/../auth2-pubkey.c:290: undefined reference to `ldap_ismember'
/tmp/tmp.bfzobujWoq/openssh-6.0p1/build-deb/../auth2-pubkey.c:291: undefined reference to `ldap_getuserkey'
/tmp/tmp.bfzobujWoq/openssh-6.0p1/build-deb/../auth2-pubkey.c:331: undefined reference to `ldap_keys_free'
collect2: error: ld returned 1 exit status
make[2]: *** [sshd] Error 1
make[2]: *** Waiting for unfinished jobs....
make[2]: Leaving directory `/tmp/tmp.bfzobujWoq/openssh-6.0p1/build-deb'
make[1]: *** [override_dh_auto_build] Error 2
make[1]: Leaving directory `/tmp/tmp.bfzobujWoq/openssh-6.0p1'
make: *** [binary] Error 2
$ 

Hast du build-dep und libldap2-dev wie beschrieben verwendet? Was fuer ein System ist das? Architektur? Release?

Gruss Cae

[sharbich]

Hallo Ihr Lieben,
ich habe Debian Wheezy auf amd64 installiert. Gerstern lief das erstemal das Kompilieren durch.

Code: Alles auswählen

apt-get source openssh
cd openssh-6.0p1 patch -Np1 -i /tmp/openssh-lpk-6.0p1-0.3.9.patch
./configure --with-ldap
dpkg-source --commit
dpkg-buildpackage

Allerdings als ich dann die sshd_config wie unten modifiziert habe, konnten die ganzen LPK Module (UseLPK . . .), nach /etc/init.d/ssh restart nicht geladen werden.

Code: Alles auswählen

UseLPK yes
LpkServers         ldap://10.1.7.1 ldap://10.1.7.2
LpkUserDN          ou=users,dc=example,dc=com
LpkGroupDN         ou=groups,dc=example,dc=com
LpkBindDN          cn=Manager,dc=example,dc=com
LpkBindPw          somepasswordifneeded
LpkServerGroup     somegroupname
LpkForceTLS        yes
LpkSearchTimelimit 3
LpkBindTimelimit   3

Versteht sich von selbst das die o.g. Config nicht mit meinen Werten hinterlegt ist.
Ich hoffe das Ihr mir weiterhelfen könnt?

[sharbich]

Schade das keiner mehr einen Rat für mich hat?

Lieben Gruß

[sharbich]

Gibt es niemanden der seine SSH-Keys im LDAP verwaltet? Das wundert mich aber?

Es wäre schön wenn Ihr mich unterstützen könntet. Danke.

[sharbich]

Hallo Ihr Lieben,
im Logverzeichnis /var/log/auth.log steht folgendes:

Code: Alles auswählen

Apr 15 13:12:46 dsme01 sshd[9655]: Connection from 192.168.200.81 port 48831 on 192.168.178.9 port 22
Apr 15 13:12:47 dsme01 sshd[9655]: debug1: Client protocol version 2.0; client software version OpenSSH_6.0p1 Debian-3ubuntu1.2
Apr 15 13:12:47 dsme01 sshd[9655]: debug1: match: OpenSSH_6.0p1 Debian-3ubuntu1.2 pat OpenSSH* compat 0x04000000
Apr 15 13:12:47 dsme01 sshd[9655]: debug1: Enabling compatibility mode for protocol 2.0
Apr 15 13:12:47 dsme01 sshd[9655]: debug1: Local version string SSH-2.0-OpenSSH_6.6
Apr 15 13:12:47 dsme01 sshd[9655]: debug2: fd 5 setting O_NONBLOCK
Apr 15 13:12:47 dsme01 sshd[9655]: debug2: Network child is on pid 9658
Apr 15 13:12:47 dsme01 sshd[9655]: debug3: preauth child monitor started
Apr 15 13:12:47 dsme01 sshd[9655]: debug3: privsep user:group 105:65534 [preauth]
Apr 15 13:12:47 dsme01 sshd[9655]: debug1: permanently_set_uid: 105/65534 [preauth]
Apr 15 13:12:47 dsme01 sshd[9655]: debug1: list_hostkey_types: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256 [preauth]
Apr 15 13:12:47 dsme01 sshd[9655]: debug1: SSH2_MSG_KEXINIT sent [preauth]
Apr 15 13:12:47 dsme01 sshd[9655]: debug1: SSH2_MSG_KEXINIT received [preauth]
Apr 15 13:12:47 dsme01 sshd[9655]: debug2: kex_parse_kexinit: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 [preauth]
Apr 15 13:12:47 dsme01 sshd[9655]: debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256 [preauth]
Apr 15 13:12:47 dsme01 sshd[9655]: debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se [preauth]
Apr 15 13:12:47 dsme01 sshd[9655]: debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se [preauth]
Apr 15 13:12:47 dsme01 sshd[9655]: debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 [preauth]
Apr 15 13:12:47 dsme01 sshd[9655]: debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 [preauth]
Apr 15 13:12:47 dsme01 sshd[9655]: debug2: kex_parse_kexinit: none,zlib@openssh.com [preauth]
Apr 15 13:12:47 dsme01 sshd[9655]: debug2: kex_parse_kexinit: none,zlib@openssh.com [preauth]
Apr 15 13:12:47 dsme01 sshd[9655]: debug2: kex_parse_kexinit:  [preauth]
Apr 15 13:12:47 dsme01 sshd[9655]: debug2: kex_parse_kexinit:  [preauth]
Apr 15 13:12:47 dsme01 sshd[9655]: debug2: kex_parse_kexinit: first_kex_follows 0  [preauth]
Apr 15 13:12:47 dsme01 sshd[9655]: debug2: kex_parse_kexinit: reserved 0  [preauth]
Apr 15 13:12:47 dsme01 sshd[9655]: debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 [preauth]
Apr 15 13:12:47 dsme01 sshd[9655]: debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss [preauth]
Apr 15 13:12:47 dsme01 sshd[9655]: debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se [preauth]
Apr 15 13:12:47 dsme01 sshd[9655]: debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se [preauth]
Apr 15 13:12:47 dsme01 sshd[9655]: debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 [preauth]
Apr 15 13:12:47 dsme01 sshd[9655]: debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 [preauth]
Apr 15 13:12:47 dsme01 sshd[9655]: debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib [preauth]
Apr 15 13:12:47 dsme01 sshd[9655]: debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib [preauth]
Apr 15 13:12:47 dsme01 sshd[9655]: debug2: kex_parse_kexinit:  [preauth]
Apr 15 13:12:47 dsme01 sshd[9655]: debug2: kex_parse_kexinit:  [preauth]
Apr 15 13:12:47 dsme01 sshd[9655]: debug2: kex_parse_kexinit: first_kex_follows 0  [preauth]
Apr 15 13:12:47 dsme01 sshd[9655]: debug2: kex_parse_kexinit: reserved 0  [preauth]
Apr 15 13:12:47 dsme01 sshd[9655]: debug2: mac_setup: setup hmac-md5 [preauth]
Apr 15 13:12:47 dsme01 sshd[9655]: debug1: kex: client->server aes128-ctr hmac-md5 none [preauth]
Apr 15 13:12:47 dsme01 sshd[9655]: debug2: mac_setup: setup hmac-md5 [preauth]
Apr 15 13:12:47 dsme01 sshd[9655]: debug1: kex: server->client aes128-ctr hmac-md5 none [preauth]
Apr 15 13:12:47 dsme01 sshd[9655]: debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
Apr 15 13:12:47 dsme01 sshd[8841]: debug2: channel 0: rcvd adjust 49439
Apr 15 13:12:49 dsme01 sshd[9655]: debug3: mm_key_sign entering [preauth]
Apr 15 13:12:49 dsme01 sshd[9655]: debug3: mm_request_send entering: type 6 [preauth]
Apr 15 13:12:49 dsme01 sshd[9655]: debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN [preauth]
Apr 15 13:12:49 dsme01 sshd[9655]: debug3: mm_request_receive_expect entering: type 7 [preauth]
Apr 15 13:12:49 dsme01 sshd[9655]: debug3: mm_request_receive entering [preauth]
Apr 15 13:12:49 dsme01 sshd[9655]: debug3: mm_request_receive entering
Apr 15 13:12:49 dsme01 sshd[9655]: debug3: monitor_read: checking request 6
Apr 15 13:12:49 dsme01 sshd[9655]: debug3: mm_answer_sign
Apr 15 13:12:49 dsme01 sshd[9655]: debug3: mm_answer_sign: signature 0x7f09ac42a180(99)
Apr 15 13:12:49 dsme01 sshd[9655]: debug3: mm_request_send entering: type 7
Apr 15 13:12:49 dsme01 sshd[9655]: debug2: monitor_read: 6 used once, disabling now
Apr 15 13:12:49 dsme01 sshd[9655]: debug2: kex_derive_keys [preauth]
Apr 15 13:12:49 dsme01 sshd[9655]: debug2: set_newkeys: mode 1 [preauth]
Apr 15 13:12:49 dsme01 sshd[9655]: debug1: SSH2_MSG_NEWKEYS sent [preauth]
Apr 15 13:12:49 dsme01 sshd[9655]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]
Apr 15 13:12:49 dsme01 sshd[9655]: debug2: set_newkeys: mode 0 [preauth]
Apr 15 13:12:49 dsme01 sshd[9655]: debug1: SSH2_MSG_NEWKEYS received [preauth]
Apr 15 13:12:49 dsme01 sshd[9655]: debug1: KEX done [preauth]
Apr 15 13:12:49 dsme01 sshd[9655]: debug1: userauth-request for user stharbich service ssh-connection method none [preauth]
Apr 15 13:12:49 dsme01 sshd[9655]: debug1: attempt 0 failures 0 [preauth]
Apr 15 13:12:49 dsme01 sshd[9655]: debug3: mm_getpwnamallow entering [preauth]
Apr 15 13:12:49 dsme01 sshd[9655]: debug3: mm_request_send entering: type 8 [preauth]
Apr 15 13:12:49 dsme01 sshd[9655]: debug3: mm_getpwnamallow: waiting for MONITOR_ANS_PWNAM [preauth]
Apr 15 13:12:49 dsme01 sshd[9655]: debug3: mm_request_receive_expect entering: type 9 [preauth]
Apr 15 13:12:49 dsme01 sshd[9655]: debug3: mm_request_receive entering [preauth]
Apr 15 13:12:49 dsme01 sshd[9655]: debug3: mm_request_receive entering
Apr 15 13:12:49 dsme01 sshd[9655]: debug3: monitor_read: checking request 8
Apr 15 13:12:49 dsme01 sshd[9655]: debug3: mm_answer_pwnamallow
Apr 15 13:12:49 dsme01 sshd[9655]: debug3: Trying to reverse map address 192.168.200.81.
Apr 15 13:12:49 dsme01 sshd[9655]: debug2: parse_server_config: config reprocess config len 848
Apr 15 13:12:49 dsme01 sshd[9655]: debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
Apr 15 13:12:49 dsme01 sshd[9655]: debug3: mm_request_send entering: type 9
Apr 15 13:12:49 dsme01 sshd[9655]: debug2: monitor_read: 8 used once, disabling now
Apr 15 13:12:49 dsme01 sshd[9655]: debug2: input_userauth_request: setting up authctxt for stharbich [preauth]
Apr 15 13:12:49 dsme01 sshd[9655]: debug3: mm_start_pam entering [preauth]
Apr 15 13:12:49 dsme01 sshd[9655]: debug3: mm_request_send entering: type 100 [preauth]
Apr 15 13:12:49 dsme01 sshd[9655]: debug3: mm_inform_authserv entering [preauth]
Apr 15 13:12:49 dsme01 sshd[9655]: debug3: mm_request_send entering: type 4 [preauth]
Apr 15 13:12:49 dsme01 sshd[9655]: debug2: input_userauth_request: try method none [preauth]
Apr 15 13:12:49 dsme01 sshd[9655]: debug3: userauth_finish: failure partial=0 next methods="publickey,password" [preauth]
Apr 15 13:12:49 dsme01 sshd[9655]: debug3: mm_request_receive entering
Apr 15 13:12:49 dsme01 sshd[9655]: debug3: monitor_read: checking request 100
Apr 15 13:12:49 dsme01 sshd[9655]: debug1: PAM: initializing for "stharbich"
Apr 15 13:12:49 dsme01 sshd[9655]: debug1: PAM: setting PAM_RHOST to "nsthtme01.harnet.de"
Apr 15 13:12:49 dsme01 sshd[9655]: debug1: PAM: setting PAM_TTY to "ssh"
Apr 15 13:12:49 dsme01 sshd[9655]: debug2: monitor_read: 100 used once, disabling now
Apr 15 13:12:49 dsme01 sshd[9655]: debug3: mm_request_receive entering
Apr 15 13:12:49 dsme01 sshd[9655]: debug3: monitor_read: checking request 4
Apr 15 13:12:49 dsme01 sshd[9655]: debug3: mm_answer_authserv: service=ssh-connection, style=
Apr 15 13:12:49 dsme01 sshd[9655]: debug2: monitor_read: 4 used once, disabling now
Apr 15 13:12:49 dsme01 sshd[9655]: debug1: userauth-request for user stharbich service ssh-connection method publickey [preauth]
Apr 15 13:12:49 dsme01 sshd[9655]: debug1: attempt 1 failures 0 [preauth]
Apr 15 13:12:49 dsme01 sshd[9655]: debug2: input_userauth_request: try method publickey [preauth]
Apr 15 13:12:49 dsme01 sshd[9655]: debug1: test whether pkalg/pkblob are acceptable [preauth]
Apr 15 13:12:49 dsme01 sshd[9655]: debug3: mm_key_allowed entering [preauth]
Apr 15 13:12:49 dsme01 sshd[9655]: debug3: mm_request_send entering: type 22 [preauth]
Apr 15 13:12:49 dsme01 sshd[9655]: debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth]
Apr 15 13:12:49 dsme01 sshd[9655]: debug3: mm_request_receive_expect entering: type 23 [preauth]
Apr 15 13:12:49 dsme01 sshd[9655]: debug3: mm_request_receive entering [preauth]
Apr 15 13:12:49 dsme01 sshd[9655]: debug3: mm_request_receive entering
Apr 15 13:12:49 dsme01 sshd[9655]: debug3: monitor_read: checking request 22
Apr 15 13:12:49 dsme01 sshd[9655]: debug3: mm_answer_keyallowed entering
Apr 15 13:12:49 dsme01 sshd[9655]: debug3: mm_answer_keyallowed: key_from_blob: 0x7f09ac4353d0
Apr 15 13:12:49 dsme01 sshd[9655]: debug1: temporarily_use_uid: 0/0 (e=0/0)
Apr 15 13:12:49 dsme01 sshd[9655]: debug3: Running AuthorizedKeysCommand: "/var/LDAP/ldap-keys.sh test" as "root"
Apr 15 13:12:49 dsme01 sshd[9655]: debug1: restore_uid: 0/0
Apr 15 13:12:49 dsme01 sshd[9655]: debug1: temporarily_use_uid: 0/0 (e=0/0)
Apr 15 13:12:49 dsme01 sshd[9655]: debug2: key not found

Das Skript "ldap-keys.sh" sieht wie folgt aus:

Code: Alles auswählen

#!/usr/bin/perl
#takes one argument, the username to get the keys for
die unless $ARGV[0];

open (LDAP, "/usr/bin/ldapsearch -L -xZb\"dc=xyz,dc=de\" '(&(objectClass=posixAccount)(uid=$ARGV[0]))' sshPublicKey |") || die "ldapsearch failed $!\n";

while (<LDAP>) {
next if /^#|^version|^dn\:|^\s*$/;
s/\n//;
s/\://g;
s/sshPublicKey/\n/;

s/^ //;
print;
}
print "\n";

Wenn ich das Skrip auf der Konsole aufrufe kommt folgendes Ergebnis:

Code: Alles auswählen

root@dsme01:/var/LDAP# ./ldap-keys.sh test

root@dsme01:/var/LDAP# 

Ich weis einfach keinen Rat mehr?
Lieben Gruß von Stefan Harbich

[sharbich]

Hallo,
mit folgenden Befehl wird der PublicKey angezeigt

Code: Alles auswählen

ldapsearch -D "cn=admin,dc=xyz,dc=de" -w "secret" -L -xZb"dc=xyz,dc=de" '(&(objectClass=posixAccount)(uid=test))' sshPublicKey

Zur Sicherheit habe ich beide Keys verkürzt

Code: Alles auswählen

version: 1

#
# LDAPv3
# base <dc=xyz,dc=de> with scope subtree
# filter: (&(objectClass=posixAccount)(uid=test))
# requesting: sshPublicKey 
#

# test, users, xyz.de
dn: uid=test,ou=users,dc=xyz,dc=de
sshPublicKey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOifShIN4W9Vls4Y26fcNlQ0Rt
 ExvhISZY7rvi3OyDPqEuVMc86LKgmYqSUtB. . .
sshPublicKey: ssh-dss AAAAB3NzaC1kc3MAAACBAJnEGYEKiYp0sy5WxEfcOkwgq3sMjc2bW26E
 5gVpS/RDahzhUU13Ij8r2mKC4cWF6og1GfS. . .

# search result

# numResponses: 2
# numEntries: 1

Warum findet das Skript

Code: Alles auswählen

/var/LDAP/ldap-keys.sh

den PublicKey nicht?

[sharbich]

Hallo Ihr Lieben,
ich habe das Problem selbst lösen können. Erstmal habe ich die Installation nach folgenden HowTo durchgeführt:https://vpsboard.com/topic/1541-howto-o ... on-debian/, das ldap-keys.sh Skript musste ich wie folgt anpassen:

Code: Alles auswählen

#!/bin/bash

# get configuration from /etc/ldap.conf
for x in $(sed -n 's/^\([a-zA-Z_]*\) \(.*\)$/\1="\2"/p' /etc/ldap.conf); do 
    eval $x; 
done

OPTIONS=
case "$ssl" in
   start_tls) 
      case "$tls_checkpeer" in
          no) OPTIONS+="-Z";;
          *) OPTIONS+="-ZZ";;
      esac;;
esac

ldapsearch $OPTIONS -H ${uri} \
    -D "${binddn}" -w "${bindpw}" \
    -b "${base}" \
    '(&(objectClass=posixAccount)(uid='"$1"'))' \
    'sshPublicKey' \
    | sed -n '/^ /{H;d};/sshPublicKey:/x;$g;s/\n *//g;s/sshPublicKey: //gp'

wichtig hierbei war das die Variabeln (z.B. ${uri}, . . .) aus der Datei /etc/ldap.conf gelesen werden. In dieser Datei hatte ich zum Teil hinter den Variabeln ein Tab eingefügt, so das die Werte der Variabeln nicht gelesen wurden. Nachdem ich zwischen den Variabeln und den Werten nur ein Leerzeichen eingefügt habe funktionierte alles einwandfrei.