1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00
gnupg/doc/ldap/gnupg-ldap-schema.ldif

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

206 lines
6.7 KiB
Plaintext
Raw Normal View History

2020-10-07 18:33:58 +02:00
# gnupg-ldap-scheme.ldif -*- conf -*-
#
# Schema for an OpenPGP LDAP keyserver. This is a slightly enhanced
2020-10-07 18:33:58 +02:00
# version of the original LDAP schema used for PGP keyservers as
# installed at quite some sites.
# Revision: 2020-10-07
# Note: The index 1000 is just a high number so that OpenLDAP assigns
# the next available number.
dn: cn={1000}gnupg-keyserver,cn=schema,cn=config
objectClass: olcSchemaConfig
# The base DN for the PGP key space by querying the
# pgpBaseKeySpaceDN attribute (This is normally
# 'ou=PGP Keys,dc=example,dc=com').
olcAttributeTypes: {0}(
1.3.6.1.4.1.3401.8.2.8
NAME 'pgpBaseKeySpaceDN'
DESC 'Points to DN of the object that will store the PGP keys.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
SINGLE-VALUE )
# See gnupg-ldap-init.ldif for a description of the next two attributes
olcAttributeTypes: {1}(
1.3.6.1.4.1.3401.8.2.9
NAME 'pgpSoftware'
DESC 'Origin of the schema'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
olcAttributeTypes: {2}(
1.3.6.1.4.1.3401.8.2.10
NAME 'pgpVersion'
DESC 'Version of this schema'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
#
# The attribute holding the OpenPGP keyblock.
# The legacy PGP LDAP server used pgpKeyV2 instead.
olcAttributeTypes: {3}(
1.3.6.1.4.1.3401.8.2.11
NAME 'pgpKey'
DESC 'OpenPGP public key block'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE )
# The long key-ID
olcAttributeTypes: {4}(
1.3.6.1.4.1.3401.8.2.12
NAME 'pgpCertID'
DESC 'OpenPGP long key id'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
# A flag to temporary disable a keyblock
olcAttributeTypes: {5}(
1.3.6.1.4.1.3401.8.2.13
NAME 'pgpDisabled'
DESC 'pgpDisabled attribute for PGP'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
# The short key id. This is actually not required and should thus not
# be used by client software.
2020-10-07 18:33:58 +02:00
olcAttributeTypes: {6}(
1.3.6.1.4.1.3401.8.2.14
NAME 'pgpKeyID'
DESC 'OpenPGP short key id'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
# The algorithm of the key. Used to be "RSA" or "DSS/DH".
olcAttributeTypes: {7}(
1.3.6.1.4.1.3401.8.2.15
NAME 'pgpKeyType'
DESC 'pgpKeyType attribute for PGP'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
# The User-ID. GnuPG maps its user-ID classes this way:
# exact: (pgpUserID=%s)
# substr: (pgpUserID=*%s*)
# mail: (pgpUserID=*<%s>*)
# mailsub: (pgpUserID=*<*%s*>*)
# mailend: (pgpUserID=*<*%s>*)
olcAttributeTypes: {8}(
1.3.6.1.4.1.3401.8.2.16
NAME 'pgpUserID'
DESC 'User ID(s) associated with the key'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
# The creation time of the primary key.
# Stored in ISO format: "20201231 120000"
olcAttributeTypes: {9}(
1.3.6.1.4.1.3401.8.2.17
NAME 'pgpKeyCreateTime'
DESC 'Primary key creation time'
EQUALITY caseIgnoreMatch
ORDERING caseIgnoreOrderingMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
# Not used
olcAttributeTypes: {10}(
1.3.6.1.4.1.3401.8.2.18
NAME 'pgpSignerID'
DESC 'pgpSignerID attribute for PGP'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
# A value of 1 indicated that the keyblock has been revoked
olcAttributeTypes: {11}(
1.3.6.1.4.1.3401.8.2.19
NAME 'pgpRevoked'
DESC 'pgpRevoked attribute for PGP'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
# Note that there is no short subkeyid despite that the name
# is similar to the name of short keyid of the primary key.
2020-10-07 18:33:58 +02:00
olcAttributeTypes: {12}(
1.3.6.1.4.1.3401.8.2.20
NAME 'pgpSubKeyID'
DESC 'OpenPGP long Subkey ID(s) of the PGP key.'
2020-10-07 18:33:58 +02:00
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
# A hint on the keysize.
2020-10-07 18:33:58 +02:00
olcAttributeTypes: {13}(
1.3.6.1.4.1.3401.8.2.21
NAME 'pgpKeySize'
DESC 'pgpKeySize attribute for PGP'
EQUALITY caseIgnoreMatch
ORDERING caseIgnoreOrderingMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
# Expiration time of the primary key.
# Stored in ISO format: "20201231 120000"
olcAttributeTypes: {14}(
1.3.6.1.4.1.3401.8.2.22
NAME 'pgpKeyExpireTime'
DESC 'pgpKeyExpireTime attribute for PGP'
EQUALITY caseIgnoreMatch
ORDERING caseIgnoreOrderingMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
#
# The hex encoded fingerprint of the primary key.
olcAttributeTypes: {15}(
1.3.6.1.4.1.11591.2.4.1.1
NAME 'gpgFingerprint'
DESC 'Fingerprint of the primary key'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
# A list of hex encoded fingerprints of the subkeys.
olcAttributeTypes: {16}(
1.3.6.1.4.1.11591.2.4.1.2
NAME 'gpgSubFingerprint'
DESC 'Fingerprints of the secondary keys'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
# A list of utf8 encoded addr-spec used instead of mail/rfc822Mailbox
olcAttributeTypes: {17}(
1.3.6.1.4.1.11591.2.4.1.3
NAME 'gpgMailbox'
DESC 'The utf8 encoded addr-spec of a mailbox'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
#
# Note: OID 1.3.6.1.4.1.11591.2.4.1.4 is reserved
# because it was used for short time during development.
2020-10-07 18:33:58 +02:00
#
#
# Used by regular LDAP servers to indicate pgp support.
#
olcObjectClasses: {0}(
1.3.6.1.4.1.3401.8.2.23
NAME 'pgpServerInfo'
DESC 'An OpenPGP public keyblock store'
SUP top
STRUCTURAL MUST ( cn $ pgpBaseKeySpaceDN )
MAY ( pgpSoftware $ pgpVersion ) )
#
# The original PGP key object extended with a few extra attributes.
# All new software should set them but this is not enforced for
# backward compatibility
olcObjectClasses: {1}(
1.3.6.1.4.1.3401.8.2.24
NAME 'pgpKeyInfo'
DESC 'An OpenPGP public keyblock'
SUP top
STRUCTURAL MUST ( pgpCertID $ pgpKey )
MAY ( pgpDisabled $ pgpKeyID $ pgpKeyType $
pgpUserID $ pgpKeyCreateTime $ pgpSignerID $
pgpRevoked $ pgpSubKeyID $ pgpKeySize $
pgpKeyExpireTime $ gpgFingerprint $
gpgSubFingerprint $ gpgMailbox ) )
2020-10-07 18:33:58 +02:00
#
# end-of-file
#