
Re: Storage of Public Keys with LDAP



Antonin Novak wrote:
> 
> Does anyone know whether it is possible to store Public keys in LDAP.

Which kind of public keys?

X.509:
You can store CA certs, CRLs and client certs. On an LDAPv2 server (like
OpenLDAP 1.2.x) you have to extend the schema (see below). Netscape
Communicator and M$ IE 5+ should be able to retrieve client certs (e.g.
for use with S/MIME e-mails) from LDAP. Retrieving CA certs and CRLs
from LDAP is rather unusual... :-(

PGP:
IMHO there's also an RFC for storing PGP keys on LDAP servers. But I'm
not sure if there are implementations for that...

Ciao, Michael.

------------------------------- beiss -------------------------------
attribute       cACertificate;binary                    bin
attribute       authorityRevocationList;binary          bin
attribute       certificateRevocationList;binary        bin
attribute       crossCertificatePair;binary             bin

attribute       userCertificate;binary                  bin
attribute       userSMIMECertificate;binary             bin

objectclass strongAuthenticationUser
        requires
                objectClass,
                userCertificate;binary
        allows
                userSMIMECertificate;binary

objectclass certificationAuthority
        requires
                objectClass,
                cACertificate;binary
        allows
                authorityRevocationList;binary,
                certificateRevocationList;binary,
                crossCertificatePair;binary
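Worked example, added here and not part of Michael's post: the schema above makes userCertificate;binary a binary attribute, so a certificate goes into the directory as raw DER and travels in LDIF as a base64 value (the "::" form, with long lines folded at 76 characters and continued with a leading space). The script builds such an LDIF entry for a strongAuthenticationUser, parses it back, and checks that the DER blob survived the round trip and that its outer SEQUENCE length matches what was stored. The certificate bytes are a constructed stand-in (a DER SEQUENCE over arbitrary payload), not a real X.509 certificate; the DN, names and folding width are assumptions for the demo.

```python
"""LDIF round trip for a userCertificate;binary value (added example, stdlib only)."""
import base64
import re

LDIF_LINE_WIDTH = 76  # assumed folding width; RFC 2849 recommends at most 76 chars


def constructed_der_blob(payload: bytes) -> bytes:
    """Constructed stand-in for a DER certificate: a SEQUENCE (tag 0x30) over payload.

    Only short-form lengths (< 128) are produced, which is enough for the demo.
    """
    if len(payload) >= 128:
        raise ValueError("demo helper supports short-form DER lengths only")
    return b"\x30" + bytes([len(payload)]) + payload


def der_outer_length(der: bytes) -> int:
    """Total encoded size of the outermost DER SEQUENCE (short and long form lengths)."""
    if not der or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    first = der[1]
    if first < 0x80:                      # short form: one length byte
        return 2 + first
    n = first & 0x7F                      # long form: n following length bytes
    return 2 + n + int.from_bytes(der[2:2 + n], "big")


def fold_ldif_line(line: str, width: int = LDIF_LINE_WIDTH) -> list:
    """Split a long LDIF line; continuation lines start with a single space."""
    out = [line[:width]]
    rest = line[width:]
    while rest:
        out.append(" " + rest[:width - 1])
        rest = rest[width - 1:]
    return out


def ldif_entry(dn: str, cert_der: bytes, cn: str = "Alice", sn: str = "Example") -> str:
    """Build an LDIF entry with a base64 ('::') userCertificate;binary value."""
    lines = [
        f"dn: {dn}",
        "objectClass: person",
        "objectClass: strongAuthenticationUser",   # auxiliary class from the schema above
        f"cn: {cn}",
        f"sn: {sn}",
        "userCertificate;binary:: " + base64.b64encode(cert_der).decode("ascii"),
    ]
    folded = []
    for line in lines:
        folded.extend(fold_ldif_line(line))
    return "\n".join(folded) + "\n"


_ATTR_RE = re.compile(r"^([A-Za-z0-9;.-]+)(::|:) ?(.*)$")


def parse_ldif(text: str) -> dict:
    """Unfold continuation lines and decode '::' (base64) values; values are lists."""
    unfolded = []
    for raw in text.rstrip("\n").split("\n"):
        if raw.startswith(" ") and unfolded:
            unfolded[-1] += raw[1:]
        else:
            unfolded.append(raw)
    entry = {}
    for line in unfolded:
        m = _ATTR_RE.match(line)
        if not m:
            raise ValueError(f"malformed LDIF line: {line!r}")
        name, sep, value = m.groups()
        decoded = base64.b64decode(value) if sep == "::" else value
        entry.setdefault(name, []).append(decoded)
    return entry


def round_trip_ok(dn: str, cert_der: bytes) -> bool:
    """Store then re-read the certificate and confirm the DER structure is intact."""
    parsed = parse_ldif(ldif_entry(dn, cert_der))
    stored = parsed["userCertificate;binary"][0]
    return stored == cert_der and der_outer_length(stored) == len(stored)


if __name__ == "__main__":
    blob = constructed_der_blob(bytes(range(1, 101)))   # constructed 102-byte stand-in
    print(ldif_entry("cn=Alice,ou=People,dc=example,dc=com", blob))
    print("round trip ok:", round_trip_ok("cn=Alice,ou=People,dc=example,dc=com", blob))
```

The length check in round_trip_ok is the minimal sanity test a directory client should apply before handing a retrieved value to a certificate parser: a value whose outer SEQUENCE length disagrees with its size was truncated or corrupted in transit and should be rejected rather than parsed further.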