LDAP Schema and SSH Private Key

Jeff Johnston
Greetings,

The documentation for setting up Guacamole via Docker images is fantastic, but there is one configuration element that I can't get working properly: storing the SSH private-key in an LDAP database.

The other connection and parameter entries in my LDAP server work and are recognized, including hostname=, port=, and username=.

For the private-key= parameter, Chapter 5 specifies that it needs to be in the OpenSSH format as generated by ssh-keygen.  This is generally represented in a multi-line format, with a max width for each line.  When storing private-key in a MySQL database, Guacamole provides a multi-line text entry box to maintain this format.  This doesn't appear (to me) to be possible for LDAP.

Thus far, trying to enter the private-key as a single line (manually removing the carriage returns) has not worked.  Editing out the ---BEGIN...--- and ---END...--- sections also has not worked.  Is there something I should be doing differently?  Can anyone provide an example LDIF that can be added to include an SSH private-key?

Thanks,
Jeff
Re: LDAP Schema and SSH Private Key

vnick
On Wed, Nov 27, 2019 at 7:37 AM Jeff Johnston <[hidden email]> wrote:
> Greetings,
>
> The documentation for setting up Guacamole via Docker images is fantastic, but there is one configuration element that I can't get working properly: storing the SSH private-key in an LDAP database.
>
> The other connection and parameter entries in my LDAP server work and are recognized, including hostname=, port=, and username=.
>
> For the private-key= parameter, Chapter 5 specifies that it needs to be in the OpenSSH format as generated by ssh-keygen.  This is generally represented in a multi-line format, with a max width for each line.  When storing private-key in a MySQL database, Guacamole provides a multi-line text entry box to maintain this format.  This doesn't appear (to me) to be possible for LDAP.

I don't have a great answer for you, other than to say that there likely is a way to handle this, as it is not uncommon to store both public and private certificates in LDAP, as well as things like JPEG photos.  I don't have an LDAP directory for storing Guacamole configurations set up right now, so I can't try anything out at the moment, but I'm guessing it's just the right encoding/line breaks/etc., that would allow it to be parsed and read in successfully.

-Nick
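
An LDIF entry of the kind asked for above, built by an added Python example that is not from the thread or from the Guacamole project: RFC 2849 lets a value containing newlines be written base64-encoded after `::`, which keeps the key's line breaks intact. The DNs, host and user are constructed, the key is a placeholder, and whether Guacamole's LDAP extension accepts the resulting multi-line value is an assumption the thread does not confirm.

```python
import base64

# Constructed placeholder, not a real key: only the multi-line shape matters.
SAMPLE_KEY = ("-----BEGIN OPENSSH PRIVATE KEY-----\n"
              "Q09OU1RSVUNURUQtUExBQ0VIT0xERVItTk9ULUEtUkVBTC1LRVk=\n"
              "-----END OPENSSH PRIVATE KEY-----\n")

def ldif_attr(name, value, width=76):
    """One LDIF attribute (RFC 2849): base64 after '::' when the value is unsafe."""
    raw = value.encode("utf-8")
    # Plain form is allowed only without NUL/CR/LF/non-ASCII bytes, without a
    # leading space, ':' or '<', and without a trailing space.
    safe = (all(b < 128 and b not in (0, 10, 13) for b in raw)
            and raw[:1] not in (b" ", b":", b"<") and not raw.endswith(b" "))
    line = f"{name}: {value}" if safe else f"{name}:: {base64.b64encode(raw).decode()}"
    # Fold long lines; each continuation line starts with exactly one space.
    parts = [line[:width]]
    parts += [" " + line[i:i + width - 1] for i in range(width, len(line), width - 1)]
    return "\n".join(parts)

def guac_connection_ldif(dn, cn, member, protocol, params):
    """Build a guacConfigGroup entry; each parameter is one name=value string."""
    lines = [ldif_attr("dn", dn), "objectClass: guacConfigGroup",
             "objectClass: groupOfNames", ldif_attr("cn", cn),
             ldif_attr("guacConfigProtocol", protocol)]
    lines += [ldif_attr("guacConfigParameter", f"{k}={v}") for k, v in params.items()]
    lines.append(ldif_attr("member", member))
    return "\n".join(lines) + "\n"

def read_values(ldif, name):
    """Unfold an entry and return the decoded values of one attribute."""
    out = []
    for line in ldif.replace("\n ", "").splitlines():
        if line.startswith(name + ":: "):
            out.append(base64.b64decode(line[len(name) + 3:]).decode("utf-8"))
        elif line.startswith(name + ": "):
            out.append(line[len(name) + 2:])
    return out

if __name__ == "__main__":
    # Constructed directory names and host, for illustration only.
    print(guac_connection_ldif(
        "cn=ssh-example,ou=groups,dc=example,dc=net", "ssh-example",
        "cn=demo,ou=people,dc=example,dc=net", "ssh",
        {"hostname": "ssh.example.net", "port": "22", "username": "demo",
         "private-key": SAMPLE_KEY}))
```

The `read_values` round trip shows what a directory client would get back after import: the original `private-key=` string with its newlines, rather than the flattened single line tried in the question.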