LDAP support w/ PGP 8.0 & iPlanet Directory Server

David Shaw dshaw at jabberwocky.com
Sun Jan 12 18:50:02 CET 2003


On Fri, Jan 10, 2003 at 07:24:57PM +0000, William Korb wrote:

> > Once we have a PGPServerInfo record to give us the baseKeySpaceDN,
> > then searching and key retrieval at least should work.
> 
> Yes, that's right. I'll send you my gpgkeys_ldap.c as it currently stands 
> (in a separate e-mail) so you can see my changes in context.

Excellent.

> > Could the problem with adding be as simple as providing all of the
> > missing attributes (pgpRevoked, pgpKeyCreatetime, etc.) ?
> 
> Yes, I think that's a fair assessment.

Ok.  This is not terribly secure as the client can lie, but it's not
that bad since the data will of course be revalidated when the key is
imported.  You can't really do better without a customized LDAP
server, which sort of defeats the purpose.

So, some more questions:

What are the required attributes?  Does it use pgpKey or pgpKeyV2?
Are there any requirements as to the "software" or "version"
attributes to PGPServerInfo?  In the past, for versions > 1, we've
used pgpKeyV2 (i.e. pgpKey plus photo IDs, revocation keys, etc).

David

-- 
   David Shaw  |  dshaw at jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson



