OpenLDAP schema to store OpenPGP keys?

David Shaw dshaw at
Thu Feb 23 14:03:36 CET 2006

On Thu, Feb 23, 2006 at 01:01:48PM +0100, Walter Haidinger wrote:
> On Thu, February 23, 2006 00:28, David Shaw wrote:
> >> Next release of 1.4.x or 1.9.x?
> >
> > 1.4.3.  I've added the new feature, so you could probably grab the
> > gpgkeys_ldap.c from svn and use it in your 1.4.2 if you like.  There
> > aren't significant changes to the keyserver protocol between the two.
> > Just replace the existing gpgkeys_ldap.c with the new one and
> > recompile.
> I've checked out rev. 4020 (gpg reports version 1.4.3rc1).
> First the good news: Anonymous access works, can send and receive
> keys just fine. The problem about the pgpKeysize is gone, although
> I did _not_ do any changes to the code. The CVS diffs show that you
> probably took care of this.

I did.

> There is a bug in the option parsing. Added a few diagnostics
> in main() of gpgkeys_ldap.c, which showed that binddn is already
> truncated after and including the first comma when you strdup() it
> from start[], i.e. any DN, like 'a,b,c,d' would be truncated to 'a'.
> Had a quick look but no obvious origin of the problem.

Not a bug - you're quoting it wrong in the shell.  It takes a lot to
make the shell not eat stuff sometimes:

 --keyserver-option "binddn=\"uid=user1,ou=PGP Users,dc=EXAMPLE,dc=COM\""

That is, quote the value, not the name=value.  The parser in GPG
understands quotes.
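The quoting problem discussed above, worked through as an added example (not code from the thread or from GnuPG): a small model of a comma-separated name=value option parser that honours double quotes inside a value, showing why an unquoted DN is cut at its first comma while the inner-quoted form survives. The function names and the parser itself are assumptions for illustration, not GnuPG's actual implementation.

```python
# Added example: a minimal model of a comma-separated "name=value" option
# parser that honours double quotes inside a value, as the reply describes
# for gpg --keyserver-option.  Illustrative code, not GnuPG's own parser;
# the function names are assumptions.

def split_options(spec: str) -> list:
    """Split a comma-separated option string, keeping quoted commas intact.

    Double quotes group text and are stripped from the result.
    """
    fields, buf, quoted = [], [], False
    for ch in spec:
        if ch == '"':
            quoted = not quoted          # toggle quote mode, drop the quote
        elif ch == ',' and not quoted:
            fields.append(''.join(buf))  # an unquoted comma ends a field
            buf = []
        else:
            buf.append(ch)
    fields.append(''.join(buf))
    return [f for f in fields if f]

def parse_keyserver_options(spec: str) -> dict:
    """Map each field to name -> value (None for a bare flag)."""
    opts = {}
    for field in split_options(spec):
        name, sep, value = field.partition('=')   # split at the first '='
        opts[name.strip()] = value if sep else None
    return opts

# The DN quoted in the thread (an example value, not a real directory).
DN = "uid=user1,ou=PGP Users,dc=EXAMPLE,dc=COM"

def unquoted_form() -> dict:
    # What gpg receives after the shell strips the outer quotes of
    #   --keyserver-option "binddn=uid=user1,ou=PGP Users,dc=EXAMPLE,dc=COM"
    return parse_keyserver_options(f"binddn={DN}")

def quoted_form() -> dict:
    # What gpg receives after the shell strips the outer quotes of
    #   --keyserver-option "binddn=\"uid=user1,ou=PGP Users,dc=EXAMPLE,dc=COM\""
    return parse_keyserver_options(f'binddn="{DN}"')

if __name__ == "__main__":
    print(unquoted_form())   # binddn is truncated to 'uid=user1'
    print(quoted_form())     # binddn keeps the whole DN
```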


More information about the Gnupg-users mailing list