dirmngr: Finalize Active Directory LDAP Schema

--

With these modifications it is now possible to store and retrieve keys
from an AD without manually tweaking the schema.  Permissions need to
be set manuallay, though.

doc/ldap/README.ldap

@@ -379,7 +379,7 @@ To list the entire DIT for the domain "example.com" use this command:
 : ldapsearch -Q -Y EXTERNAL -LLL -H ldapi:/// -b dc=example,dc=com dn
 
 This lists just the DNs.  If you need the entire content of the DIT
-leave our the "dn" argument.  The option "-LLL" selects a useful
+leave out the "dn" argument.  The option "-LLL" selects useful
 formatting options for the output.
 
 ** Insert X.509 Certficate

doc/ldap/gnupg-ldap-ad-init.ldif

@@ -1,17 +1,17 @@
 # gnupg-ldap-ad-init.ldif                                 -*- conf -*-
 #
 # Entries connecting the schema specified in gnupg-ldap-ad-schema.ldif.
-# Revision: 2020-12-08
+# Revision: 2020-12-16
 
-dn: cn=GnuPG Keys,dc=w32demo,dc=g10code,dc=de
+dn: cn=GnuPG Keys,DC=EXAMPLEDC
 changetype: add
 objectClass: container
 cn: GnuPG Keys
 
-dn: cn=PGPServerInfo,dc=w32demo,dc=g10code,dc=de
+dn: cn=PGPServerInfo,DC=EXAMPLEDC
 changetype: add
 objectClass: pgpServerInfo
 cn: PGPServerInfo
-pgpBaseKeySpaceDN: cn=GnuPG Keys,dc=w32demo,dc=g10code,dc=de
+pgpBaseKeySpaceDN: cn=GnuPG Keys,DC=EXAMPLEDC
 pgpSoftware: GnuPG
 pgpVersion: 2 ntds

doc/ldap/gnupg-ldap-ad-schema.ldif

@@ -294,6 +294,7 @@ mustContain: cn
 mustContain: pgpBaseKeySpaceDN
 mayContain: pgpSoftware
 mayContain: pgpVersion
+systemPossSuperiors: domainDNS
 schemaIDGUID:: 9AbnpaXqQR6d3S5OZomYIA==
 
 # The original PGP key object extended with a few extra attributes.
@@ -324,6 +325,7 @@ mayContain: pgpKeyExpireTime
 mayContain: gpgFingerprint
 mayContain: gpgSubFingerprint
 mayContain: gpgMailbox
+systemPossSuperiors: container
 schemaIDGUID:: 9AbnpaXqQR6d3S5OZomYIQ==