OpenLDAP schema to store OpenPGP keys?

David Shaw dshaw at
Tue Feb 21 18:46:04 CET 2006

On Tue, Feb 21, 2006 at 05:21:25PM +0100, Walter Haidinger wrote:
> David Shaw wrote:
> > 5) Make this file:
> >
> > cat > pgp.ldif
> > dn: ou=PGP Keys,dc=DOMAIN,dc=COM
> > objectclass: organizationalUnit
> > ou: PGP Keys
> >
> > dn: cn=PGPServerInfo,ou=PGP Keys,dc=DOMAIN,dc=COM
> Change this line to:
>   dn: cn=PGPServerInfo,dc=DOMAIN,dc=COM
> beause GnuPG looks for PGPServerInfo unter the base DN,
> not under dn="ou=PGP Keys,dc=DOMAIN,dc=COM".

Not exactly.  It looks for PGPServerInfo under each DN returned from
namingContexts in order.  It may well check for
"cn=PGPServerInfo,dc=DOMAIN,dc=COM" first, but once that fails, it'll
get to "cn=PGPServerInfo,ou=PGP Keys,dc=DOMAIN,dc=COM" next.

> After adding the following to slapd.conf
>   allow update_anon
>   allow bind_anon_dn
> is was finally be able to import my first pubkey:
> > gpg --keyserver ldap://localhost --send-keys B15BBBE2
> No news is good news!
> ldapsearch confirmed a new DN with the appropriate attributes.
> However, adding the next pubkey fails:
> > gpg --keyserver ldap://localhost --send-keys C2C148FC
> gpg: sending key C2C148FC to ldap server localhost
> gpgkeys: error adding key C2C148FC to keyserver: Type or value exists

Very interesting.  What version of OpenLDAP are you using?  I
developed this against a 2.0.x version, and it looks like something
has changed.  In gpgkeys_ldap.c, try adding:


At the top of make_one_attr().


More information about the Gnupg-users mailing list