@clayfreeman
Created March 5, 2017 22:25
--- a/src/providers/ad/ad_opts.c
+++ b/src/providers/ad/ad_opts.c
@@ -215,7 +215,7 @@
{ "ldap_user_nds_login_disabled", NULL, SYSDB_NDS_LOGIN_DISABLED, NULL },
{ "ldap_user_nds_login_expiration_time", NULL, SYSDB_NDS_LOGIN_EXPIRATION_TIME, NULL },
{ "ldap_user_nds_login_allowed_time_map", NULL, SYSDB_NDS_LOGIN_ALLOWED_TIME_MAP, NULL },
- { "ldap_user_ssh_public_key", NULL, SYSDB_SSH_PUBKEY, NULL },
+ { "ldap_user_ssh_public_key", "sshPublicKey", SYSDB_SSH_PUBKEY, NULL },
{ "ldap_user_auth_type", NULL, SYSDB_AUTH_TYPE, NULL },
{ "ldap_user_certificate", NULL, SYSDB_USER_CERT, NULL },
SDAP_ATTR_MAP_TERMINATOR
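Review bot: the new "sshPublicKey" default on the `ldap_user_ssh_public_key` line is undocumented. The patch touches only src/providers/ad/ad_opts.c, and every neighbouring entry in this hunk keeps a NULL default, so this entry becomes the one exception in the visible part of the map with nothing telling an administrator that the AD provider now requests that attribute for users. Please add a man-page line stating the new default, and state in the description that the directory must carry an attribute of that name; because its value is stored as SYSDB_SSH_PUBKEY, write access to it in the directory should be limited accordingly.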
@clayfreeman
Author

Introduction

This patch modifies SSSD to be able to query Active Directory for the "sshPublicKey" user attribute.

As a result, the sss_ssh_authorizedkeys command will work with Active Directory.

Usage

Run the following commands as root to recompile SSSD with this patch:

# Run this command if you need to add source repositories to apt-get
# (matching "deb " with the trailing space skips any existing deb-src lines)
grep '^deb ' /etc/apt/sources.list | \
  sed 's/^deb /deb-src /' > /etc/apt/sources.list.d/deb-src.list
# Install dpkg-dev package to build SSSD
apt install -y dpkg-dev
# Fetch the latest source release of SSSD
cd && apt update && apt source sssd && apt build-dep -y sssd
# Download this patch file to the debian/patches directory of SSSD source
cd sssd-* && wget -O debian/patches/add-sshpublickey-ad-support.diff \
  https://gist.githubusercontent.com/clayfreeman/09617f32a7f4645c1f1bd40d9956c1d3/raw/add-sshpublickey-ad-support.diff
# Import the patch so that it will be detected by dpkg-buildpackage
quilt import debian/patches/add-sshpublickey-ad-support.diff
# Build the debian installer files for this package (ignoring signatures)
dpkg-buildpackage -us -uc
# Install the updated SSSD AD provider and prevent updates to it
cd && dpkg -i sssd-ad_*.deb && apt-mark hold sssd-ad
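
The steps above download the patch from a gist URL and build it into a package as root, so the file on disk is worth comparing against the one-line change shown on this page before `quilt import`. The following is an added example, not part of the gist or of SSSD; `check_patch`, `sample_patch` and the `EXPECTED_*` variables are names chosen here, and the sample patch is an abbreviated, constructed copy of the diff above.

```shell
#!/bin/sh
# Added example, not part of the gist: vet the downloaded patch before import.
# Expected values are copied from the diff shown on this page.
EXPECTED_FILE='src/providers/ad/ad_opts.c'
EXPECTED_OPTION='"ldap_user_ssh_public_key"'

# check_patch FILE: return 0 only if the diff touches EXPECTED_FILE alone and
# its changed lines are exactly one removal and one addition of the
# EXPECTED_OPTION map entry. Anything else is rejected with a reason on stderr.
check_patch() {
    patch_file=$1
    # Paths from the ---/+++ file headers, with the a/ and b/ prefixes stripped.
    files=$(grep -E '^(---|\+\+\+) ' "$patch_file" | awk '{print $2}' |
            sed -E 's#^[ab]/##' | sort -u)
    if [ "$files" != "$EXPECTED_FILE" ]; then
        echo "reject: patch touches: $files" >&2
        return 1
    fi
    # Changed lines start with + or -; drop the file headers themselves.
    changed=$(grep -E '^[+-]' "$patch_file" | grep -vE '^(---|\+\+\+) ' || true)
    count=$(printf '%s\n' "$changed" | grep -c . || true)
    unrelated=$(printf '%s\n' "$changed" | grep -vcF "$EXPECTED_OPTION" || true)
    if [ "$count" -ne 2 ] || [ "$unrelated" -ne 0 ]; then
        echo "reject: $count changed lines, $unrelated not about $EXPECTED_OPTION" >&2
        return 1
    fi
    return 0
}

# sample_patch FILE: write a constructed, context-free copy of the page's diff.
sample_patch() {
    cat > "$1" <<'EOF'
--- a/src/providers/ad/ad_opts.c
+++ b/src/providers/ad/ad_opts.c
@@ -215,7 +215,7 @@
-    { "ldap_user_ssh_public_key", NULL, SYSDB_SSH_PUBKEY, NULL },
+    { "ldap_user_ssh_public_key", "sshPublicKey", SYSDB_SSH_PUBKEY, NULL },
EOF
}

# Usage inside the unpacked sssd-* source tree, before the quilt step:
#   check_patch debian/patches/add-sshpublickey-ad-support.diff && \
#     quilt import debian/patches/add-sshpublickey-ad-support.diff
```

A patch that passes still deserves a read before building; the check only catches a file that has grown beyond the single map entry.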
