mirror of
git://git.gnupg.org/gnupg.git
synced 2024-10-31 20:08:43 +01:00
2c6bb03cfb
-- I accidently added a gpgSubCertID attribute not realizing that the pgpSubKeyID already carries the long keyid. Remove that. Note that the pgpkeyID has the short keyid and the long keyid has the name pgpCertID. Signed-off-by: Werner Koch <wk@gnupg.org>
206 lines
6.7 KiB
Plaintext
206 lines
6.7 KiB
Plaintext
# gnupg-ldap-scheme.ldif -*- conf -*-
|
|
#
|
|
# Schema for an OpenPGP LDAP keyserver. This is a slighly enhanced
|
|
# version of the original LDAP schema used for PGP keyservers as
|
|
# installed at quite some sites.
|
|
# Revision: 2020-10-07
|
|
|
|
# Note: The index 1000 is just a high number so that OpenLDAP assigns
|
|
# the next available number.
|
|
dn: cn={1000}gnupg-keyserver,cn=schema,cn=config
|
|
objectClass: olcSchemaConfig
|
|
# The base DN for the PGP key space by querying the
|
|
# pgpBaseKeySpaceDN attribute (This is normally
|
|
# 'ou=PGP Keys,dc=example,dc=com').
|
|
olcAttributeTypes: {0}(
|
|
1.3.6.1.4.1.3401.8.2.8
|
|
NAME 'pgpBaseKeySpaceDN'
|
|
DESC 'Points to DN of the object that will store the PGP keys.'
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
|
|
SINGLE-VALUE )
|
|
# See gnupg-ldap-init.ldif for a description of the next two attributes
|
|
olcAttributeTypes: {1}(
|
|
1.3.6.1.4.1.3401.8.2.9
|
|
NAME 'pgpSoftware'
|
|
DESC 'Origin of the schema'
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
|
|
SINGLE-VALUE )
|
|
olcAttributeTypes: {2}(
|
|
1.3.6.1.4.1.3401.8.2.10
|
|
NAME 'pgpVersion'
|
|
DESC 'Version of this schema'
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
|
|
SINGLE-VALUE )
|
|
#
|
|
# The attribute holding the OpenPGP keyblock.
|
|
# The legacy PGP LDAP server used pgpKeyV2 instead.
|
|
olcAttributeTypes: {3}(
|
|
1.3.6.1.4.1.3401.8.2.11
|
|
NAME 'pgpKey'
|
|
DESC 'OpenPGP public key block'
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
|
|
SINGLE-VALUE )
|
|
# The long key-ID
|
|
olcAttributeTypes: {4}(
|
|
1.3.6.1.4.1.3401.8.2.12
|
|
NAME 'pgpCertID'
|
|
DESC 'OpenPGP long key id'
|
|
EQUALITY caseIgnoreMatch
|
|
SUBSTR caseIgnoreSubstringsMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
|
|
SINGLE-VALUE )
|
|
# A flag to temporary disable a keyblock
|
|
olcAttributeTypes: {5}(
|
|
1.3.6.1.4.1.3401.8.2.13
|
|
NAME 'pgpDisabled'
|
|
DESC 'pgpDisabled attribute for PGP'
|
|
EQUALITY caseIgnoreMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
|
|
SINGLE-VALUE )
|
|
# The short key id. This is actually not required and should thus not
|
|
# be used by cleint software.
|
|
olcAttributeTypes: {6}(
|
|
1.3.6.1.4.1.3401.8.2.14
|
|
NAME 'pgpKeyID'
|
|
DESC 'OpenPGP short key id'
|
|
EQUALITY caseIgnoreMatch
|
|
SUBSTR caseIgnoreSubstringsMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
|
|
SINGLE-VALUE )
|
|
# The algorithm of the key. Used to be "RSA" or "DSS/DH".
|
|
olcAttributeTypes: {7}(
|
|
1.3.6.1.4.1.3401.8.2.15
|
|
NAME 'pgpKeyType'
|
|
DESC 'pgpKeyType attribute for PGP'
|
|
EQUALITY caseIgnoreMatch
|
|
SUBSTR caseIgnoreSubstringsMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
|
|
SINGLE-VALUE )
|
|
# The User-ID. GnuPG maps its user-ID classes this way:
|
|
# exact: (pgpUserID=%s)
|
|
# substr: (pgpUserID=*%s*)
|
|
# mail: (pgpUserID=*<%s>*)
|
|
# mailsub: (pgpUserID=*<*%s*>*)
|
|
# mailend: (pgpUserID=*<*%s>*)
|
|
olcAttributeTypes: {8}(
|
|
1.3.6.1.4.1.3401.8.2.16
|
|
NAME 'pgpUserID'
|
|
DESC 'User ID(s) associated with the key'
|
|
EQUALITY caseIgnoreMatch
|
|
SUBSTR caseIgnoreSubstringsMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
|
|
# The creation time of the primary key.
|
|
# Stored in ISO format: "20201231 120000"
|
|
olcAttributeTypes: {9}(
|
|
1.3.6.1.4.1.3401.8.2.17
|
|
NAME 'pgpKeyCreateTime'
|
|
DESC 'Primary key creation time'
|
|
EQUALITY caseIgnoreMatch
|
|
ORDERING caseIgnoreOrderingMatch
|
|
SUBSTR caseIgnoreSubstringsMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
|
|
SINGLE-VALUE )
|
|
# Not used
|
|
olcAttributeTypes: {10}(
|
|
1.3.6.1.4.1.3401.8.2.18
|
|
NAME 'pgpSignerID'
|
|
DESC 'pgpSignerID attribute for PGP'
|
|
EQUALITY caseIgnoreMatch
|
|
SUBSTR caseIgnoreSubstringsMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
|
|
# A value of 1 indicated that the keyblock has been revoked
|
|
olcAttributeTypes: {11}(
|
|
1.3.6.1.4.1.3401.8.2.19
|
|
NAME 'pgpRevoked'
|
|
DESC 'pgpRevoked attribute for PGP'
|
|
EQUALITY caseIgnoreMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
|
|
SINGLE-VALUE )
|
|
# Note that there is no short subkeyid despite that the name
|
|
# is similar to the name of short keyid of the primary key.
|
|
olcAttributeTypes: {12}(
|
|
1.3.6.1.4.1.3401.8.2.20
|
|
NAME 'pgpSubKeyID'
|
|
DESC 'OpenPGP long Subkey ID(s) of the PGP key.'
|
|
EQUALITY caseIgnoreMatch
|
|
SUBSTR caseIgnoreSubstringsMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
|
|
# A hint on the keysize.
|
|
olcAttributeTypes: {13}(
|
|
1.3.6.1.4.1.3401.8.2.21
|
|
NAME 'pgpKeySize'
|
|
DESC 'pgpKeySize attribute for PGP'
|
|
EQUALITY caseIgnoreMatch
|
|
ORDERING caseIgnoreOrderingMatch
|
|
SUBSTR caseIgnoreSubstringsMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
|
|
# Expiration time of the primary key.
|
|
# Stored in ISO format: "20201231 120000"
|
|
olcAttributeTypes: {14}(
|
|
1.3.6.1.4.1.3401.8.2.22
|
|
NAME 'pgpKeyExpireTime'
|
|
DESC 'pgpKeyExpireTime attribute for PGP'
|
|
EQUALITY caseIgnoreMatch
|
|
ORDERING caseIgnoreOrderingMatch
|
|
SUBSTR caseIgnoreSubstringsMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
|
|
SINGLE-VALUE )
|
|
#
|
|
# The hex encoded fingerprint of the primary key.
|
|
olcAttributeTypes: {15}(
|
|
1.3.6.1.4.1.11591.2.4.1.1
|
|
NAME 'gpgFingerprint'
|
|
DESC 'Fingerprint of the primary key'
|
|
EQUALITY caseIgnoreMatch
|
|
SUBSTR caseIgnoreSubstringsMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
|
|
SINGLE-VALUE )
|
|
# A list of hex encoded fingerprints of the subkeys.
|
|
olcAttributeTypes: {16}(
|
|
1.3.6.1.4.1.11591.2.4.1.2
|
|
NAME 'gpgSubFingerprint'
|
|
DESC 'Fingerprints of the secondary keys'
|
|
EQUALITY caseIgnoreMatch
|
|
SUBSTR caseIgnoreSubstringsMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
|
|
# A list of utf8 encoded addr-spec used instead of mail/rfc822Mailbox
|
|
olcAttributeTypes: {17}(
|
|
1.3.6.1.4.1.11591.2.4.1.3
|
|
NAME 'gpgMailbox'
|
|
DESC 'The utf8 encoded addr-spec of a mailbox'
|
|
EQUALITY caseIgnoreMatch
|
|
SUBSTR caseIgnoreSubstringsMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
|
|
#
|
|
# Note: OID 1.3.6.1.4.1.11591.2.4.1.4 is reserved
|
|
# because it was used for short time during development.
|
|
#
|
|
#
|
|
# Used by regular LDAP servers to indicate pgp support.
|
|
#
|
|
olcObjectClasses: {0}(
|
|
1.3.6.1.4.1.3401.8.2.23
|
|
NAME 'pgpServerInfo'
|
|
DESC 'An OpenPGP public keyblock store'
|
|
SUP top
|
|
STRUCTURAL MUST ( cn $ pgpBaseKeySpaceDN )
|
|
MAY ( pgpSoftware $ pgpVersion ) )
|
|
#
|
|
# The original PGP key object extended with a few extra attributes.
|
|
# All new software should set them but this is not enforced for
|
|
# backward compatibility
|
|
olcObjectClasses: {1}(
|
|
1.3.6.1.4.1.3401.8.2.24
|
|
NAME 'pgpKeyInfo'
|
|
DESC 'An OpenPGP public keyblock'
|
|
SUP top
|
|
STRUCTURAL MUST ( pgpCertID $ pgpKey )
|
|
MAY ( pgpDisabled $ pgpKeyID $ pgpKeyType $
|
|
pgpUserID $ pgpKeyCreateTime $ pgpSignerID $
|
|
pgpRevoked $ pgpSubKeyID $ pgpKeySize $
|
|
pgpKeyExpireTime $ gpgFingerprint $
|
|
gpgSubFingerprint $ gpgMailbox ) )
|
|
#
|
|
# end-of-file
|
|
#
|