LDAP

In order to enable LDAP to fetch usernames for a SSH public key you need to pass a json configuration via --ldap-config="/path/to/ldap.json". Local public keys in./keys``` have precedence.

• username: the bind user name to LDAP (optional).
• password: the password for the bind user (optional, if empty it uses anonymous bind).
• address: the full address and port to LDAP server.
• baseDN: the base DN of your user scope.
• filter: the filter to fetch a username. %s will be replaced by the requested authorization key.
• attribute: the attribute name of the username.

config

{
        "username": "MyLdapBindUser",
        "password": "",
        "address": "ldap://server.local:389",
        "baseDN": "OU=Developer,DC=Domain,DC=local",
        "filter": "(sshPublicKeys=%s*)",
        "attribute": "sAMAccountName"
}