OpenLDAP schema to store OpenPGP keys?
David Shaw
dshaw at jabberwocky.com
Mon Feb 20 21:36:57 CET 2006
On Sat, Feb 18, 2006 at 10:11:32PM +0100, Peter Palfrader wrote:
> Walter Haidinger wrote on Saturday, 18 February 2006:
>
> > Now, I'd like to setup an OpenLDAP server to store the OpenPGP keys (for
> > use with GnuPG). Please note that I already have a working OpenLDAP
> > server, so I'd only need to add schema, acls and keys, of course.
> >
> > Btw, can GnuPG also store secret keys in the keyserver?
> >
> > However, I was unable to find any schema definition...
>
> http://asteria.noreply.org/~weasel/PGPKeyserverSchema.zip
>
> If you get an LDAP keyserver running please document your steps
> somewhere and let us know.
Here's a rough guide for OpenLDAP:
0) Have a working OpenLDAP server running already.
1) Copy pgp-keyserver.schema wherever your schemas go.

2) Add an include line in /etc/openldap/slapd.conf for it:

    include /etc/openldap/schema/pgp-keyserver.schema

3) Add a place to store the keys to /etc/openldap/slapd.conf:

    database bdb
    suffix "ou=PGP Keys,dc=DOMAIN,dc=COM"
    index objectClass eq
    index pgpCertID,pgpKeyID,pgpKeyType,pgpUserID,pgpKeyCreateTime sub,eq
    index pgpSignerID,pgpSubKeyID,pgpKeySize,pgpKeyExpireTime sub,eq
    index pgpDisabled,pgpRevoked eq
    directory /var/lib/ldap
    access to dn="ou=PGP Keys,dc=DOMAIN,dc=COM" by * write
    rootdn "cn=Manager,dc=DOMAIN,dc=COM"

4) Restart slapd
5) Make this file (the two entries must be separated by a blank line, or
   ldapadd will reject it):

    cat > pgp.ldif
    dn: ou=PGP Keys,dc=DOMAIN,dc=COM
    objectclass: organizationalUnit
    ou: PGP Keys

    dn: cn=PGPServerInfo,ou=PGP Keys,dc=DOMAIN,dc=COM
    cn: PGPServerInfo
    objectclass: pgpserverinfo
    pgpSoftware: OpenLDAP
    pgpVersion: 2.2.29
    pgpBaseKeyspaceDN: ou=PGP Keys,dc=DOMAIN,dc=COM
    ^D

6) ldapadd -x -D "cn=Manager,dc=DOMAIN,dc=COM" -W -f pgp.ldif
The configuration above obviously allows anyone to write/delete keys.
That may or may not be what you want. Note that GPG will use TLS or
LDAPS just fine if you want to use that.
David
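As an added example that is not part of David's post (and not OpenLDAP or GnuPG code), the following POSIX shell script produces the two hand-written pieces from steps 3 and 5 above for a base DN of your choosing: the keyspace LDIF with the PGPServerInfo entry, and the slapd.conf "access to" line for the keyspace, with the post's wide-open ACL beside two tighter variants (authenticated binds may write, or read-only for everyone so that only the rootdn, which bypasses ACLs, can load keys). It assumes OpenLDAP 2.1 or later ACL syntax ("dn.subtree=", "by users") and uses the placeholder base DN ou=PGP Keys,dc=example,dc=com; the pgpSoftware/pgpVersion values simply mirror the post.

```shell
#!/bin/sh
# Added example, not code from the post, OpenLDAP or GnuPG.
# Assumptions: OpenLDAP 2.1+ slapd.conf ACL syntax (dn.subtree=, "by users")
# and a placeholder base DN; adjust BASE_DN to your own suffix.

BASE_DN='ou=PGP Keys,dc=example,dc=com'   # placeholder, not a real directory

# Emit the LDIF for the keyspace OU plus the PGPServerInfo entry GnuPG looks
# for. Entries in one LDIF file are separated by a blank line; without it
# ldapadd treats the second "dn:" as an attribute of the first entry and fails.
pgp_keyspace_ldif() {
    base=$1
    rdn=${base%%,*}          # "ou=PGP Keys"
    ou=${rdn#*=}             # "PGP Keys"
    printf 'dn: %s\n' "$base"
    printf 'objectclass: organizationalUnit\n'
    printf 'ou: %s\n' "$ou"
    printf '\n'
    printf 'dn: cn=PGPServerInfo,%s\n' "$base"
    printf 'cn: PGPServerInfo\n'
    printf 'objectclass: pgpserverinfo\n'
    printf 'pgpSoftware: OpenLDAP\n'      # values mirror the post
    printf 'pgpVersion: 2.2.29\n'
    printf 'pgpBaseKeyspaceDN: %s\n' "$base"
}

# Emit the slapd.conf ACL for the whole keyspace subtree.
#   open  anyone (including anonymous binds) may add, modify and delete keys;
#         this is what the post's "by * write" does
#   auth  anyone may read/search; only authenticated binds may write
#   ro    anyone may read/search; nobody but the rootdn (which bypasses
#         ACLs) can load keys, e.g. via ldapadd -D "cn=Manager,..."
pgp_keyspace_acl() {
    base=$1; mode=$2
    case "$mode" in
        open) printf 'access to dn.subtree="%s" by * write\n' "$base" ;;
        auth) printf 'access to dn.subtree="%s" by users write by * read\n' "$base" ;;
        ro)   printf 'access to dn.subtree="%s" by * read\n' "$base" ;;
        *)    echo "pgp_keyspace_acl: unknown mode '$mode' (open|auth|ro)" >&2
              return 1 ;;
    esac
}

# Sanity-check an LDIF stream on stdin: with N entries there must be exactly
# N-1 blank separator lines. Returns 0 when the file is well formed.
ldif_check() {
    data=$(cat)
    entries=$(printf '%s\n' "$data" | grep -c '^dn: ' || true)
    blanks=$(printf '%s\n' "$data" | grep -c '^$' || true)
    [ "$entries" -gt 0 ] && [ "$blanks" -eq $((entries - 1)) ]
}

# Usage: print the LDIF and the three ACL variants to stdout. Redirect the
# LDIF to pgp.ldif, paste the chosen ACL into slapd.conf, restart slapd, then
#   ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f pgp.ldif
pgp_keyspace_ldif "$BASE_DN"
echo
for mode in open auth ro; do
    pgp_keyspace_acl "$BASE_DN" "$mode"
done
```

Two slapd ACL details make the "auth" variant work: the first matching "by" clause wins, so "by users write" has to come before "by * read", and privileges are cumulative, so "write" already includes read and search for authenticated clients.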