On Sat, Feb 18, 2006 at 10:11:32PM +0100, Peter Palfrader wrote:
> Walter Haidinger wrote on Saturday, 18 February 2006:
>
> > Now, I'd like to set up an OpenLDAP server to store the OpenPGP keys (for
> > use with GnuPG). Please note that I already have a working OpenLDAP
> > server, so I'd only need to add schema, acls and keys, of course.
> >
> > Btw, can GnuPG also store secret keys in the keyserver?
> >
> > However, I was unable to find any schema definition...
>
> http://asteria.noreply.org/~weasel/PGPKeyserverSchema.zip
>
> If you get an LDAP keyserver running please document your steps
> somewhere and let us know.
Here's a rough guide for OpenLDAP:

0) Have a working OpenLDAP server running already.

1) Copy pgp-keyserver.schema wherever your schemas go.

2) Add an include line in /etc/openldap/slapd.conf for it:

     include /etc/openldap/schema/pgp-keyserver.schema

3) Add a place to store the keys to /etc/openldap/slapd.conf:

     database bdb
     suffix "ou=PGP Keys,dc=DOMAIN,dc=COM"
     index objectClass eq
     index pgpCertID,pgpKeyID,pgpKeyType,pgpUserID,pgpKeyCreateTime sub,eq
     index pgpSignerID,pgpSubKeyID,pgpKeySize,pgpKeyExpireTime sub,eq
     index pgpDisabled,pgpRevoked eq
     directory /var/lib/ldap
     access to dn="ou=PGP Keys,dc=DOMAIN,dc=COM"
             by * write
     rootdn "cn=Manager,dc=DOMAIN,dc=COM"

4) Restart slapd

5) Make this file:

     cat > pgp.ldif
     dn: ou=PGP Keys,dc=DOMAIN,dc=COM
     objectclass: organizationalUnit
     ou: PGP Keys

     dn: cn=PGPServerInfo,ou=PGP Keys,dc=DOMAIN,dc=COM
     cn: PGPServerInfo
     objectclass: pgpserverinfo
     pgpSoftware: OpenLDAP
     pgpVersion: 2.2.29
     pgpBaseKeyspaceDN: ou=PGP Keys,dc=DOMAIN,dc=COM
     ^D

6) ldapadd -x -D "cn=Manager,dc=DOMAIN,dc=COM" -W -f pgp.ldif

The configuration above obviously allows anyone to write/delete keys.
That may or may not be what you want. Note that GPG will use TLS or
LDAPS just fine if you want to use that.

David
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
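An added example, not part of David's post or of OpenLDAP itself: a small shell check that flags a slapd.conf whose ACL on the PGP keyspace from step 3 grants "by * write", and prints a tighter ACL (a dedicated admin DN and authenticated binds may write, everyone may read). The suffix, the admin DN cn=keyserver-admin and the temporary file are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Audits a slapd.conf for the
# wide-open "by * write" ACL on the PGP keyspace and prints a tighter one.
# Assumptions: the suffix below and the admin DN are placeholders.

PGP_SUFFIX='ou=PGP Keys,dc=DOMAIN,dc=COM'
PGP_ADMIN_DN='cn=keyserver-admin,dc=DOMAIN,dc=COM'   # hypothetical admin DN

# Join slapd.conf continuation lines (a line starting with whitespace
# continues the previous directive) so each "access to" clause is one line.
join_directives() {
    awk '/^[[:space:]]/ { printf " %s", $0; next }
         { if (NR > 1) print ""; printf "%s", $0 }
         END { print "" }' "$1"
}

# Exit 0 if the ACL covering the PGP keyspace grants "by * write"
# (anyone, including anonymous binds, can add or delete keys), else 1.
pgp_acl_is_world_writable() {
    join_directives "$1" |
        grep -i "^access[[:space:]]*to[[:space:]]*dn[^ ]*=\"$PGP_SUFFIX\"" |
        grep -qi 'by[[:space:]][[:space:]]*\*[[:space:]][[:space:]]*write'
}

# Tighter ACL. OpenLDAP uses the first matching "by" clause, so the admin
# and authenticated users get write and anonymous binds fall through to
# read. Drop the "by users write" line if only the admin should import keys.
print_hardened_acl() {
    cat <<EOF
access to dn.subtree="$PGP_SUFFIX"
        by dn.exact="$PGP_ADMIN_DN" write
        by users write
        by * read
EOF
}

# Demo on a constructed copy of the step-3 ACL (not a real server config).
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
access to dn="ou=PGP Keys,dc=DOMAIN,dc=COM"
        by * write
rootdn "cn=Manager,dc=DOMAIN,dc=COM"
EOF
if pgp_acl_is_world_writable "$demo_conf"; then
    echo "WARNING: PGP keyspace is world-writable; consider instead:"
    print_hardened_acl
fi
rm -f "$demo_conf"
```

Run it against your real slapd.conf by replacing the demo file path; the check is a static read of the file and needs no running slapd.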