Recently reading
https://jpmens.net/2025/03/25/authorizedkeyscommand-in-sshd/
by nprofile1qy2hwumn8ghj7un9d3shjtnddaehgu3wwp6kyqpqrmlrk8t89jh2vv57je7xczz4nn5shkaa6m6zqqyh2hjt5ay9m9vse8h77u (nprofile…h77u) and pondered how it could be tied to LDAP, vaguely remembering someone writing about doing as much.
Sure enough, nprofile1qy2hwumn8ghj7un9d3shjtnddaehgu3wwp6kyqpq3n409lc4d9w06xuqurrkkh4mtdzc2afc5m07tkkc26u7p2lcq04q2kq5wq (nprofile…q5wq) posted about how ssh-ldap-{helper,wrapper} came to OpenSSH and the AuthorizedKeysCommand functionality:
https://mwl.io/archives/1470
Now I just have to find the time to poke at this (which translates as "this will occupy space in my brain until mid-August when the kids return to school")