[...] AuthorizedKeysCommand /usr/bin/ssh-ldap-fetcher --ldap-uri ldap://ldap.tld --ldap-base dc=tld --ldap-filter "(&(objectClass=person)(uid=%%s))" --ldap-attr sshPublicKey --use-tls --syslog %u AuthorizedKeysCommandUser nobody