OpenLDAP schema to store OpenPGP keys?

David Shaw dshaw at jabberwocky.com
Thu Feb 23 17:45:01 CET 2006


On Thu, Feb 23, 2006 at 03:52:37PM +0000, Walter Haidinger wrote:

> I was unaware that _all_ keyserver options apply to any type, i.e.
> http/hkp/ldap.
> The manpage talks about 'a' preferred keyserver, though, so I thought
> that there can be only one, which means all options are global anyways.

No.  Preferred keyservers are a different sort of thing.  Look at it
this way: you have one list of options, with which you can use any
keyserver.  Preferred keyservers are the OpenPGP way for the keyholder
to say "I like this keyserver - when using my key, please use this
keyserver".  It's like an automated way of changing --keyserver on a
per-user ID basis.

> > They're not "options for keyserver x" - they are "options that pertain
> > to keyservers".

> No, not yet but would make sense now with binddn and binddn.

That's true.  Here's what I did - keyserver-options must be global,
but I added the ability to have per-keyserver options as well:

Global options:
  keyserver-options option1 option2 

Options tied to ldap://my.ldap.server:
  keyserver ldap://my.ldap.server option1 option2 option3

In your case you could do something like:
  keyserver ldap://server binddn="ou=pgp keys, etc..." bindpw=secret

David
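An added, illustrative parser for the two configuration forms described in the message above (global `keyserver-options` versus options appended to a `keyserver` line). This is not GnuPG's own option-parsing code: the sample gpg.conf fragment, the server names, and the merge rule (per-keyserver options layered on top of the global ones) are assumptions made for the example, and the quoting behaviour is whatever Python's `shlex` does, not necessarily what gpg does. The `secrets_in_config` helper exists to make the practical point that `bindpw=secret` puts a credential in a plain-text file, which then needs restrictive permissions.

```python
"""Parse the two keyserver-configuration forms from the post:

  keyserver-options opt1 opt2           (global: applies to every keyserver)
  keyserver ldap://host opt1 opt2 ...   (options tied to that one keyserver)

Illustrative code only; not GnuPG's implementation.  The merge rule in
effective_options() (global first, then per-server) is an assumption.
"""
import shlex
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed gpg.conf fragment for the example; the hosts are placeholders.
SAMPLE_CONF = """\
# global options, applied whichever keyserver is used
keyserver-options auto-key-retrieve include-revoked

# an HKP server with no per-server options
keyserver hkp://keys.example.org

# an LDAP server with bind credentials (bindpw is a secret!)
keyserver ldap://ldap.example.org binddn="ou=pgp keys,dc=example,dc=org" bindpw=secret
"""

# Option names whose value is a credential (assumed list for the example).
SECRET_OPTIONS = ("bindpw",)


@dataclass
class KeyserverConfig:
    global_options: List[str] = field(default_factory=list)
    per_server: Dict[str, List[str]] = field(default_factory=dict)

    def effective_options(self, url: str) -> List[str]:
        """Assumed merge rule: global options first, then the per-server ones."""
        return self.global_options + self.per_server.get(url, [])


def parse_gpg_conf(text: str) -> KeyserverConfig:
    """Collect keyserver-options and keyserver lines; ignore everything else."""
    cfg = KeyserverConfig()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # shlex keeps a double-quoted binddn containing spaces as one token
        words = shlex.split(line, posix=True)
        if words[0] == "keyserver-options":
            cfg.global_options.extend(words[1:])
        elif words[0] == "keyserver" and len(words) >= 2:
            cfg.per_server[words[1]] = words[2:]
    return cfg


def secrets_in_config(cfg: KeyserverConfig) -> Dict[str, List[str]]:
    """Map each keyserver URL to the credential options on its line.

    A non-empty result means the config file holds a password in clear and
    must not be readable by other users (e.g. chmod 0600 on gpg.conf).
    """
    found: Dict[str, List[str]] = {}
    for url, opts in cfg.per_server.items():
        names = [o.split("=", 1)[0] for o in opts]
        leaked = [n for n in names if n in SECRET_OPTIONS]
        if leaked:
            found[url] = leaked
    return found


if __name__ == "__main__":
    conf = parse_gpg_conf(SAMPLE_CONF)
    for url in conf.per_server:
        print(url, "->", conf.effective_options(url))
    print("credentials stored in clear:", secrets_in_config(conf))
```

The `binddn` value survives as a single token because of the double quotes in the sample; without them a DN containing spaces would be split into several options, so quoting (or a DN without spaces) is the thing to check when an LDAP bind fails after editing gpg.conf.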



More information about the Gnupg-users mailing list