diff --git a/doc/ldap/gnupg-ldap-ad-schema.ldif b/doc/ldap/gnupg-ldap-ad-schema.ldif index 6c4d19f15..a8810809e 100644 --- a/doc/ldap/gnupg-ldap-ad-schema.ldif +++ b/doc/ldap/gnupg-ldap-ad-schema.ldif @@ -3,7 +3,7 @@ # Schema for an OpenPGP LDAP keyserver. This is a slighly enhanced # version of the original LDAP schema used for PGP keyservers as # installed at quite some sites. -# Revision: 2020-12-08 +# Revision: 2020-12-15 # Some notes: # - Backup your AD! It is not possible to revert changes of the schema. @@ -181,7 +181,7 @@ oMSyntax: 64 isSingleValued: TRUE schemaIDGUID:: 9AbnpaXqQR6d3S5OZomYCw== -# The Subkey key ids +# The Subkey key ids (16 hex digits) dn: CN=pgpSubKeyID,CN=Schema,CN=Configuration,DC=EXAMPLEDC changetype: ntdsSchemaAdd objectClass: attributeSchema @@ -254,18 +254,6 @@ oMSyntax: 64 isSingleValued: FALSE schemaIDGUID:: 9AbnpaXqQR6d3S5OZomYEQ== -# A list of hex encoded long keyids of all subkeys. -dn: CN=gpgSubCertID,CN=Schema,CN=Configuration,DC=EXAMPLEDC -changetype: ntdsSchemaAdd -objectClass: attributeSchema -attributeID: 1.3.6.1.4.1.11591.2.4.1.4 -lDAPDisplayName: gpgSubCertID -description: OpenPGP long subkey id -attributeSyntax: 2.5.5.12 -oMSyntax: 64 -isSingleValued: FALSE -schemaIDGUID:: 9AbnpaXqQR6d3S5OZomYEg== - # Unused GUIDs: # 9AbnpaXqQR6d3S5OZomYEw== # 9AbnpaXqQR6d3S5OZomYFA== @@ -335,7 +323,6 @@ mayContain: pgpKeySize mayContain: pgpKeyExpireTime mayContain: gpgFingerprint mayContain: gpgSubFingerprint -mayContain: gpgSubCertID mayContain: gpgMailbox schemaIDGUID:: 9AbnpaXqQR6d3S5OZomYIQ== diff --git a/doc/ldap/gnupg-ldap-schema.ldif b/doc/ldap/gnupg-ldap-schema.ldif index 02d04fa46..be6a4646a 100644 --- a/doc/ldap/gnupg-ldap-schema.ldif +++ b/doc/ldap/gnupg-ldap-schema.ldif 
@@ -116,14 +116,16 @@ olcAttributeTypes: {11}( EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +# Note that there is no short subkeyid despite that the name +# is similar to the name of short keyid of the primary key. olcAttributeTypes: {12}( 1.3.6.1.4.1.3401.8.2.20 NAME 'pgpSubKeyID' - DESC 'Sub-key ID(s) of the PGP key.' + DESC 'OpenPGP long Subkey ID(s) of the PGP key.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) -# A hin on the keysize. +# A hint on the keysize. olcAttributeTypes: {13}( 1.3.6.1.4.1.3401.8.2.21 NAME 'pgpKeySize' @@ -169,14 +171,9 @@ olcAttributeTypes: {17}( EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) -# A list of hex encoded long keyids of all subkeys. -olcAttributeTypes: {18}( - 1.3.6.1.4.1.11591.2.4.1.4 - NAME 'gpgSubCertID' - DESC 'OpenPGP long subkey id' - EQUALITY caseIgnoreMatch - SUBSTR caseIgnoreSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +# +# Note: OID 1.3.6.1.4.1.11591.2.4.1.4 is reserved +# because it was used for short time during development. # # # Used by regular LDAP servers to indicate pgp support. @@ -202,8 +199,7 @@ olcObjectClasses: {1}( pgpUserID $ pgpKeyCreateTime $ pgpSignerID $ pgpRevoked $ pgpSubKeyID $ pgpKeySize $ pgpKeyExpireTime $ gpgFingerprint $ - gpgSubFingerprint $ gpgSubCertID $ - gpgMailbox ) ) + gpgSubFingerprint $ gpgMailbox ) ) # # end-of-file #
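Review bot: The comment added above `pgpSubKeyID` in the `@@ -116,14 +116,16 @@` hunk says what the attribute is not, but never gives the value format, while the AD schema in this same commit documents it as "(16 hex digits)". I would word it as `# The long subkey IDs (16 hex digits each). Despite the name being similar to the` / `# short key ID of the primary key, there is no short subkey ID.` so that both schema files agree. Since the definition keeps `SUBSTR caseIgnoreSubstringsMatch`, a filter can still match on a fragment of the ID. It would help to add that a key ID match is only a lookup hint and that `gpgSubFingerprint` is what identifies a subkey.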
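Review bot: The reservation note added in the `@@ -169,14 +171,9 @@` hunk for OID 1.3.6.1.4.1.11591.2.4.1.4 has no counterpart in gnupg-ldap-ad-schema.ldif, where the `gpgSubCertID` block is deleted outright. As far as the hunks show, its `schemaIDGUID` 9AbnpaXqQR6d3S5OZomYEg== is neither marked as spent nor added to the "Unused GUIDs" list. That file's own notes say a schema change cannot be reverted, so a directory that imported the 2020-12-08 revision presumably still carries the attribute under that OID and GUID, and reusing either later would collide. I would add `# Note: OID 1.3.6.1.4.1.11591.2.4.1.4 and GUID 9AbnpaXqQR6d3S5OZomYEg== are reserved` / `# because they were used for a short time during development.` next to the unused-GUID list in the AD file. The note here should also read "for a short time".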