OpenLDAP schema to store OpenPGP keys?
David Shaw
dshaw at jabberwocky.com
Tue Feb 21 18:46:04 CET 2006
On Tue, Feb 21, 2006 at 05:21:25PM +0100, Walter Haidinger wrote:
> David Shaw wrote:
> > 5) Make this file:
> >
> > cat > pgp.ldif
> > dn: ou=PGP Keys,dc=DOMAIN,dc=COM
> > objectclass: organizationalUnit
> > ou: PGP Keys
> >
> > dn: cn=PGPServerInfo,ou=PGP Keys,dc=DOMAIN,dc=COM
>
> Change this line to:
> dn: cn=PGPServerInfo,dc=DOMAIN,dc=COM
>
> because GnuPG looks for PGPServerInfo under the base DN,
> not under dn="ou=PGP Keys,dc=DOMAIN,dc=COM".
Not exactly. It looks for PGPServerInfo under each DN returned from
namingContexts in order. It may well check for
"cn=PGPServerInfo,dc=DOMAIN,dc=COM" first, but once that fails, it'll
get to "cn=PGPServerInfo,ou=PGP Keys,dc=DOMAIN,dc=COM" next.
> After adding the following to slapd.conf
> allow update_anon
> allow bind_anon_dn
> I was finally able to import my first pubkey:
>
> > gpg --keyserver ldap://localhost --send-keys B15BBBE2
>
> No news is good news!
> ldapsearch confirmed a new DN with the appropriate attributes.
>
> However, adding the next pubkey fails:
> > gpg --keyserver ldap://localhost --send-keys C2C148FC
> gpg: sending key C2C148FC to ldap server localhost
> gpgkeys: error adding key C2C148FC to keyserver: Type or value exists
Very interesting. What version of OpenLDAP are you using? I
developed this against a 2.0.x version, and it looks like something
has changed. In gpgkeys_ldap.c, try adding:
unique=1;
at the top of make_one_attr().
David
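As an added illustration of the lookup order described above (this is not code from GnuPG or from either poster), the following Python builds a directory from the LDIF quoted in the thread and searches each namingContext in turn for an entry with cn=PGPServerInfo; the attribute values of the PGPServerInfo entry and the shallowest-entry-first rule are assumptions, since the exact gpgkeys_ldap search is not shown on this page.

```python
from typing import Dict, List, Optional

Entry = Dict[str, List[str]]

# Constructed LDIF mirroring the entries quoted in the thread; the cn attribute
# on the PGPServerInfo entry is a placeholder, not the real pgp.schema content.
SAMPLE_LDIF = """\
dn: ou=PGP Keys,dc=DOMAIN,dc=COM
objectclass: organizationalUnit
ou: PGP Keys

dn: cn=PGPServerInfo,ou=PGP Keys,dc=DOMAIN,dc=COM
cn: PGPServerInfo
"""

def normalize_dn(dn: str) -> str:
    """Approximate LDAP DN matching: case-insensitive, no whitespace around commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_ldif(text: str) -> Dict[str, Entry]:
    """Parse minimal LDIF (no line folding, no base64) into {normalized dn: attrs}."""
    entries: Dict[str, Entry] = {}
    current: Entry = {}
    for raw in text.splitlines() + [""]:
        line = raw.rstrip()
        if not line:                      # a blank line terminates the current entry
            if current:
                entries[normalize_dn(current["dn"][0])] = current
                current = {}
            continue
        name, _, value = line.partition(":")
        current.setdefault(name.strip().lower(), []).append(value.strip())
    return entries

def find_server_info(entries: Dict[str, Entry], naming_contexts: List[str]) -> Optional[str]:
    """Search each namingContext in order (subtree) for cn=PGPServerInfo.

    Assumption: within one context the entry with the fewest RDNs wins, so a
    base-level PGPServerInfo is found before one under ou=PGP Keys.
    """
    for ctx in naming_contexts:
        suffix = normalize_dn(ctx)
        hits = [dn for dn, attrs in entries.items()
                if (dn == suffix or dn.endswith("," + suffix))
                and any(v.lower() == "pgpserverinfo" for v in attrs.get("cn", []))]
        if hits:
            return min(hits, key=lambda dn: dn.count(","))   # comma count ~ DN depth
    return None
```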