1
0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-22 14:57:02 +01:00
gnupg/doc/ldap/gnupg-ldap-schema.ldif
Werner Koch 2c6bb03cfb
dirmngr: Remove superfluous attribute from the LDAP schema.
--

I accidently added a gpgSubCertID attribute not realizing that the
pgpSubKeyID already carries the long keyid.  Remove that.  Note that
the pgpkeyID has the short keyid and the long keyid has the name
pgpCertID.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-12-15 08:52:06 +01:00

206 lines
6.7 KiB
Plaintext

# gnupg-ldap-scheme.ldif -*- conf -*-
#
# Schema for an OpenPGP LDAP keyserver. This is a slighly enhanced
# version of the original LDAP schema used for PGP keyservers as
# installed at quite some sites.
# Revision: 2020-10-07
# Note: The index 1000 is just a high number so that OpenLDAP assigns
# the next available number.
dn: cn={1000}gnupg-keyserver,cn=schema,cn=config
objectClass: olcSchemaConfig
# The base DN for the PGP key space by querying the
# pgpBaseKeySpaceDN attribute (This is normally
# 'ou=PGP Keys,dc=example,dc=com').
olcAttributeTypes: {0}(
1.3.6.1.4.1.3401.8.2.8
NAME 'pgpBaseKeySpaceDN'
DESC 'Points to DN of the object that will store the PGP keys.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
SINGLE-VALUE )
# See gnupg-ldap-init.ldif for a description of the next two attributes
olcAttributeTypes: {1}(
1.3.6.1.4.1.3401.8.2.9
NAME 'pgpSoftware'
DESC 'Origin of the schema'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
olcAttributeTypes: {2}(
1.3.6.1.4.1.3401.8.2.10
NAME 'pgpVersion'
DESC 'Version of this schema'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
#
# The attribute holding the OpenPGP keyblock.
# The legacy PGP LDAP server used pgpKeyV2 instead.
olcAttributeTypes: {3}(
1.3.6.1.4.1.3401.8.2.11
NAME 'pgpKey'
DESC 'OpenPGP public key block'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE )
# The long key-ID
olcAttributeTypes: {4}(
1.3.6.1.4.1.3401.8.2.12
NAME 'pgpCertID'
DESC 'OpenPGP long key id'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
# A flag to temporary disable a keyblock
olcAttributeTypes: {5}(
1.3.6.1.4.1.3401.8.2.13
NAME 'pgpDisabled'
DESC 'pgpDisabled attribute for PGP'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
# The short key id. This is actually not required and should thus not
# be used by cleint software.
olcAttributeTypes: {6}(
1.3.6.1.4.1.3401.8.2.14
NAME 'pgpKeyID'
DESC 'OpenPGP short key id'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
# The algorithm of the key. Used to be "RSA" or "DSS/DH".
olcAttributeTypes: {7}(
1.3.6.1.4.1.3401.8.2.15
NAME 'pgpKeyType'
DESC 'pgpKeyType attribute for PGP'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
# The User-ID. GnuPG maps its user-ID classes this way:
# exact: (pgpUserID=%s)
# substr: (pgpUserID=*%s*)
# mail: (pgpUserID=*<%s>*)
# mailsub: (pgpUserID=*<*%s*>*)
# mailend: (pgpUserID=*<*%s>*)
olcAttributeTypes: {8}(
1.3.6.1.4.1.3401.8.2.16
NAME 'pgpUserID'
DESC 'User ID(s) associated with the key'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
# The creation time of the primary key.
# Stored in ISO format: "20201231 120000"
olcAttributeTypes: {9}(
1.3.6.1.4.1.3401.8.2.17
NAME 'pgpKeyCreateTime'
DESC 'Primary key creation time'
EQUALITY caseIgnoreMatch
ORDERING caseIgnoreOrderingMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
# Not used
olcAttributeTypes: {10}(
1.3.6.1.4.1.3401.8.2.18
NAME 'pgpSignerID'
DESC 'pgpSignerID attribute for PGP'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
# A value of 1 indicated that the keyblock has been revoked
olcAttributeTypes: {11}(
1.3.6.1.4.1.3401.8.2.19
NAME 'pgpRevoked'
DESC 'pgpRevoked attribute for PGP'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
# Note that there is no short subkeyid despite that the name
# is similar to the name of short keyid of the primary key.
olcAttributeTypes: {12}(
1.3.6.1.4.1.3401.8.2.20
NAME 'pgpSubKeyID'
DESC 'OpenPGP long Subkey ID(s) of the PGP key.'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
# A hint on the keysize.
olcAttributeTypes: {13}(
1.3.6.1.4.1.3401.8.2.21
NAME 'pgpKeySize'
DESC 'pgpKeySize attribute for PGP'
EQUALITY caseIgnoreMatch
ORDERING caseIgnoreOrderingMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
# Expiration time of the primary key.
# Stored in ISO format: "20201231 120000"
olcAttributeTypes: {14}(
1.3.6.1.4.1.3401.8.2.22
NAME 'pgpKeyExpireTime'
DESC 'pgpKeyExpireTime attribute for PGP'
EQUALITY caseIgnoreMatch
ORDERING caseIgnoreOrderingMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
#
# The hex encoded fingerprint of the primary key.
olcAttributeTypes: {15}(
1.3.6.1.4.1.11591.2.4.1.1
NAME 'gpgFingerprint'
DESC 'Fingerprint of the primary key'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
# A list of hex encoded fingerprints of the subkeys.
olcAttributeTypes: {16}(
1.3.6.1.4.1.11591.2.4.1.2
NAME 'gpgSubFingerprint'
DESC 'Fingerprints of the secondary keys'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
# A list of utf8 encoded addr-spec used instead of mail/rfc822Mailbox
olcAttributeTypes: {17}(
1.3.6.1.4.1.11591.2.4.1.3
NAME 'gpgMailbox'
DESC 'The utf8 encoded addr-spec of a mailbox'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
#
# Note: OID 1.3.6.1.4.1.11591.2.4.1.4 is reserved
# because it was used for short time during development.
#
#
# Used by regular LDAP servers to indicate pgp support.
#
olcObjectClasses: {0}(
1.3.6.1.4.1.3401.8.2.23
NAME 'pgpServerInfo'
DESC 'An OpenPGP public keyblock store'
SUP top
STRUCTURAL MUST ( cn $ pgpBaseKeySpaceDN )
MAY ( pgpSoftware $ pgpVersion ) )
#
# The original PGP key object extended with a few extra attributes.
# All new software should set them but this is not enforced for
# backward compatibility
olcObjectClasses: {1}(
1.3.6.1.4.1.3401.8.2.24
NAME 'pgpKeyInfo'
DESC 'An OpenPGP public keyblock'
SUP top
STRUCTURAL MUST ( pgpCertID $ pgpKey )
MAY ( pgpDisabled $ pgpKeyID $ pgpKeyType $
pgpUserID $ pgpKeyCreateTime $ pgpSignerID $
pgpRevoked $ pgpSubKeyID $ pgpKeySize $
pgpKeyExpireTime $ gpgFingerprint $
gpgSubFingerprint $ gpgMailbox ) )
#
# end-of-file
#