dirmngr: Remove superfluous attribute from the LDAP schema.

-- I accidently added a gpgSubCertID attribute not realizing that the pgpSubKeyID already carries the long keyid. Remove that. Note that the pgpkeyID has the short keyid and the long keyid has the name pgpCertID. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-12-15 08:52:06 +01:00 · 2020-12-15 08:52:06 +01:00 · 2c6bb03cfb
parent e9ddd61fe9
commit 2c6bb03cfb
2 changed files with 10 additions and 27 deletions
--- a/doc/ldap/gnupg-ldap-ad-schema.ldif
+++ b/doc/ldap/gnupg-ldap-ad-schema.ldif
@ -3,7 +3,7 @@
 # Schema for an OpenPGP LDAP keyserver.  This is a slighly enhanced
 # version of the original LDAP schema used for PGP keyservers as
 # installed at quite some sites.
-# Revision: 2020-12-08
+# Revision: 2020-12-15

 # Some notes:
 # - Backup your AD! It is not possible to revert changes of the schema.
@ -181,7 +181,7 @@ oMSyntax: 64
 isSingleValued: TRUE
 schemaIDGUID:: 9AbnpaXqQR6d3S5OZomYCw==

-# The Subkey key ids
+# The Subkey key ids (16 hex digits)
 dn: CN=pgpSubKeyID,CN=Schema,CN=Configuration,DC=EXAMPLEDC
 changetype: ntdsSchemaAdd
 objectClass: attributeSchema
@ -254,18 +254,6 @@ oMSyntax: 64
 isSingleValued: FALSE
 schemaIDGUID:: 9AbnpaXqQR6d3S5OZomYEQ==

-# A list of hex encoded long keyids of all subkeys.
-dn: CN=gpgSubCertID,CN=Schema,CN=Configuration,DC=EXAMPLEDC
-changetype: ntdsSchemaAdd
-objectClass: attributeSchema
-attributeID: 1.3.6.1.4.1.11591.2.4.1.4
-lDAPDisplayName: gpgSubCertID
-description: OpenPGP long subkey id
-attributeSyntax: 2.5.5.12
-oMSyntax: 64
-isSingleValued: FALSE
-schemaIDGUID:: 9AbnpaXqQR6d3S5OZomYEg==
-
 # Unused GUIDs:
 #  9AbnpaXqQR6d3S5OZomYEw==
 #  9AbnpaXqQR6d3S5OZomYFA==
@ -335,7 +323,6 @@ mayContain: pgpKeySize
 mayContain: pgpKeyExpireTime
 mayContain: gpgFingerprint
 mayContain: gpgSubFingerprint
-mayContain: gpgSubCertID
 mayContain: gpgMailbox
 schemaIDGUID:: 9AbnpaXqQR6d3S5OZomYIQ==

--- a/doc/ldap/gnupg-ldap-schema.ldif
+++ b/doc/ldap/gnupg-ldap-schema.ldif
@ -116,14 +116,16 @@ olcAttributeTypes: {11}(
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
    SINGLE-VALUE )
+# Note that there is no short subkeyid despite that the name
+# is similar to the name of short keyid of the primary key.
 olcAttributeTypes: {12}(
    1.3.6.1.4.1.3401.8.2.20
    NAME 'pgpSubKeyID'
-    DESC 'Sub-key ID(s) of the PGP key.'
+    DESC 'OpenPGP long Subkey ID(s) of the PGP key.'
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-# A hin on the keysize.
+# A hint on the keysize.
 olcAttributeTypes: {13}(
    1.3.6.1.4.1.3401.8.2.21
    NAME 'pgpKeySize'
@ -169,14 +171,9 @@ olcAttributeTypes: {17}(
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-# A list of hex encoded long keyids of all subkeys.
-olcAttributeTypes: {18}(
-    1.3.6.1.4.1.11591.2.4.1.4
-    NAME 'gpgSubCertID'
-    DESC 'OpenPGP long subkey id'
-    EQUALITY caseIgnoreMatch
-    SUBSTR caseIgnoreSubstringsMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+#
+# Note: OID 1.3.6.1.4.1.11591.2.4.1.4 is reserved
+# because it was used for short time during development.
 #
 #
 # Used by regular LDAP servers to indicate pgp support.
@ -202,8 +199,7 @@ olcObjectClasses: {1}(
                      pgpUserID $ pgpKeyCreateTime $ pgpSignerID $
                      pgpRevoked $ pgpSubKeyID $ pgpKeySize $
                      pgpKeyExpireTime $ gpgFingerprint $
-                      gpgSubFingerprint $ gpgSubCertID $
-                      gpgMailbox ) )
+                      gpgSubFingerprint $ gpgMailbox ) )
 #
 # end-of-file
 #