From Fedora Project Wiki


Check authentication of user with LDAP, IPA and AD


  1. Add an LDAP and IPA user with passkey_mapping:
     - For IPA, run ipa user-add-passkey <username> <passkey_mapping>.
     - For LDAP, the user must be added with objectclass: passkeyUser and the attribute passkey.
     - For AD, create the user and add the passkey to the altSecurityIdentities attribute.
  2. Set up the SSSD client with FIDO2/passkey. For an LDAP server, add 'local_auth_policy = only' under the domain section.
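
A preflight check for the last setup step, added here as an example and not part of the wiki test case: it confirms that local_auth_policy = only is set inside the [domain/...] section rather than in [sssd] or another section. The function names are hypothetical, and the domain name ldap.test, the URI and both sample files are constructed placeholders.

```shell
#!/bin/sh
# Print the value of local_auth_policy set inside [domain/DOMAIN] of FILE.
# Usage: domain_local_auth_policy FILE DOMAIN   (hypothetical helper name)
domain_local_auth_policy() {
    awk -v want="domain/$2" '
        /^[ \t]*[#;]/ { next }                    # skip comment lines
        /^[ \t]*\[.*\][ \t]*$/ {                  # section header: track it
            sec = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", sec)
            next
        }
        sec == want {                             # key = value in our domain
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "local_auth_policy") found = val
        }
        END { if (found != "") print found }
    ' "$1"
}

# Succeeds only when the domain section sets local_auth_policy to "only".
passkey_policy_ok() {
    [ "$(domain_local_auth_policy "$1" "$2")" = "only" ]
}

# Constructed sample files; ldap.test and the URI are placeholders.
make_samples() {
    good=$(mktemp); bad=$(mktemp)
    printf '%s\n' '[sssd]' 'domains = ldap.test' '' \
        '[domain/ldap.test]' 'id_provider = ldap' \
        'ldap_uri = ldap://server.ldap.test' \
        'local_auth_policy = only' > "$good"
    # Same setting placed in [sssd] instead of the domain section.
    printf '%s\n' '[sssd]' 'domains = ldap.test' \
        'local_auth_policy = only' '' \
        '[domain/ldap.test]' 'id_provider = ldap' > "$bad"
}

make_samples
passkey_policy_ok "$good" ldap.test && echo "good sample: policy set in domain section"
passkey_policy_ok "$bad" ldap.test || echo "bad sample: policy missing from domain section"
rm -f "$good" "$bad"
```

On a configured client, call passkey_policy_ok /etc/sssd/sssd.conf <domain> before running the su test. The check reads a single file, so settings placed in /etc/sssd/conf.d/ snippets are not covered.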

How to test

  1. Check authentication of the user using su.

Expected Results

  1. User authenticates successfully.