OpenLDAP schema to store OpenPGP keys?

Walter Haidinger walter.haidinger at gmx.at
Tue Feb 21 23:12:32 CET 2006


On Tue, 21 Feb 2006, David Shaw wrote:

> > because GnuPG looks for PGPServerInfo under the base DN,
> > not under dn="ou=PGP Keys,dc=DOMAIN,dc=COM".
> 
> Not exactly.  It looks for PGPServerInfo under each DN returned from
> namingContexts in order.  It may well check for
> "cn=PGPServerInfo,dc=DOMAIN,dc=COM" first, but once that fails, it'll
> get to "cn=PGPServerInfo,ou=PGP Keys,dc=DOMAIN,dc=COM" next.

As far as I can tell from my slapd logs, it only checks for
"cn=PGPServerInfo,dc=DOMAIN,dc=COM" once and stops when that fails.

> > However, adding the next pubkey fails:
> > > gpg --keyserver ldap://localhost --send-keys C2C148FC
> > gpg: sending key C2C148FC to ldap server localhost
> > gpgkeys: error adding key C2C148FC to keyserver: Type or value exists
> 
> Very interesting.  What version of OpenLDAP are you using?  

I'm running 2.2.27, provided by SuSE 10.0.

> I developed this against a 2.0.x version, and it looks like something
> has changed.  In gpgkeys_ldap.c, try adding:
> 
>   unique=1;
> 
> At the top of make_one_attr().

I'll try this. Is it ok to stick to 1.4.2?

Walter
