OpenLDAP schema to store OpenPGP keys?

David Shaw dshaw at
Thu Feb 23 17:45:01 CET 2006

On Thu, Feb 23, 2006 at 03:52:37PM +0000, Walter Haidinger wrote:

> I was unaware that _all_ keyserver options apply to any type, i.e.
> http/hkp/ldap.
> The manpage talks about 'a' preferred keyserver, though, so I thought
> that there can be only one, which means all options are global anyways.

No.  Preferred keyservers are a different sort of thing.  Look at it
this way: you have one list of options, with which you can use any
keyserver.  Preferred keyservers are the OpenPGP way for the keyholder
to say "I like this keyserver - when using my key, please use this
keyserver".  It's like an automated way of changing --keyserver on a
per-user ID basis.

> > They're not "options for keyserver x" - they are "options that pertain
> > to keyservers".

> No, not yet but would make sense now with binddn and binddn.

That's true.  Here's what I did - keyserver-options must be global,
but I added the ability to have per-keyserver options as well:

Global options:
  keyserver-options option1 option2 

Options tied to ldap://my.ldap.server:
  keyserver ldap://my.ldap.server option1 option2 option3

In your case you could do something like:
  keyserver ldap://server binddn="ou=pgp keys, etc..." bindpw=secret


More information about the Gnupg-users mailing list