Re: Storing Special German Characters in OpenLDAP as PGP-Directory

[Alejandra Moreno <alejandra.moreno@atrete.ch>]

Hi!
Everything is running ok now, however, I have the same problem as you
with umlauts. Did you find a solution? The thing is that it works for
NAI's PGPKeyServer, so they implement something...

Alejandra

At 13:41 03.01.2002 +0100, you wrote:
> Hi!
>
> I think a script will not really help me, I want the pgp client to send
> the keys
> to my directory. I'm hoping that NAI will fix this. ;-)
>
> The exact schema you need is included in my first mail, and you have to
> use PGP
> Version 7.x. Version 7.x is providing LDAP-Directories as keyservers.
> When you
> use this schema, all should work, but you have to do some
> adjustments:
>
> (0. install the schema)
> 1. add an ou to store the keys (e.g. ou=PGP
> Keys,dc=mycompany,dc=com)
> 2. add an entry named PGPServerInfo to let the PGP client find the space,
> where
> the PGP keys are stored
> I think this is the critical point to make all run. ;-)
>      dn: cn=PGPServerInfo,dc=mycompany,dc=com
>      pgpbasekeyspacedn: ou=PGP
> Keys,dc=mycompany,dc=com
>      pgpsoftware: OpenLDAP
>      pgpversion: 2.0.19
>      objectclass: top
>      objectclass: pgpServerInfo
>      cn: PGPServerInfo
> 3. set access permissions
>
> If you want to update/send pgp keys by the client, you must allow
> anonymous
> write to the pgpspace. However there are some problems to me with
> access
> control. It will work to me only, if I add
>      access to * by * write
> as last line. I'm wondering what pgp is trying to do. Perhaps someone can
> help.
> :-))
>
> Now you should be able to use OpenLDAP as PGP Directory. :-)
>
>
> Best Regards,
> Joachim
>
>
>
>
>
>
> Alejandra Moreno <alejandra.moreno@atrete.ch> am 03.01.2002
> 12:08:56
>
>
> An:   Joachim Koch/Login/DE/MLP@MLP,
> openldap-software@OpenLDAP.org
> Kopie:
>
> Thema:    Re: Storing Special German Characters in
> OpenLDAP as  PGP-Directory
>       [Virus checked (@MLP)]  [Virus
> checked]
>
>
>
>
> Hi!
>
> I had this same problem with umlauts, and I think the best solution is
> for
> you to encode with utf8 after creating the ldif file. If you are
> interested
> in some scripts that do this, just tell me.
> I have been trying to connect the NAI PGP clients to my LDAP directory,
> but
> nobody seems to have done this succesfully. Could you tell me the
> exact
> structure of schema you are using and how the tree looks like?
> Thanks!
>
> Regards,
> Alejandra
>
> At 14:00 02.01.2002 +0100, you wrote:
> >Hello and happy new year!
> >
> >I try to use OpenLDAP as PGP-Directory for storing PGP keys and
> PGP
> >configuration. All seems to work fine as long as I do not try to put
> in any
> >pgpUserIDs with German 'umlauts' (funny german characters like
> äöüß....).
> >If the
> >pgpUserID contains such a character I get the following error:
> >      "invald syntax". LDAP-Server
> error: tag=105 err=21 text=pgpuserid:
> > value #0
> >contains invalid data
> >
> >The attribute pgpUserID is defined as Directory String:
> >attributetype   (
> >        
> 1.3.6.1.4.1.3401.8.2.16
> >         NAME
> 'pgpUserID'
> >         EQUALITY
> caseIgnoreMatch
> >         SUBSTR 
> caseIgnoreSubstringsMatch
> >         SYNTAX
> 1.3.6.1.4.1.1466.115.121.1.15 )
> >
> >I think the problem is that OpenLDAP is expecting special character
> UTF-8
> >coded
> >(standard), but PGP sends the UserID plain uncoded.
> >
> >Following is the schema I'm using:
> >
> >attributetype  (
> >      1.3.6.1.4.1.3401.8.2.8
> >      NAME 'pgpBaseKeySpaceDN'
> >      EQUALITY caseIgnoreMatch
> >      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
> )
> >
> >attributetype  (
> >      1.3.6.1.4.1.3401.8.2.9
> >      NAME 'pgpSoftware'
> >      EQUALITY caseIgnoreMatch
> >      SUBSTR caseIgnoreSubstringsMatch
> >      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
> )
> >
> >attributetype  (
> >      1.3.6.1.4.1.3401.8.2.10
> >      NAME 'pgpVersion'
> >      EQUALITY caseIgnoreMatch
> >      SUBSTR caseIgnoreSubstringsMatch
> >      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
> )
> >
> >attributetype  (
> >      1.3.6.1.4.1.3401.8.2.11
> >      NAME 'pgpKey'
> >      EQUALITY caseExactIA5Match
> >      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
> )
> >
> >attributetype  (
> >      1.3.6.1.4.1.3401.8.2.12
> >      NAME 'pgpCertID'
> >      EQUALITY caseIgnoreMatch
> >      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
> )
> >
> >attributetype  (
> >      1.3.6.1.4.1.3401.8.2.13
> >      NAME 'pgpDisabled'
> >      EQUALITY caseIgnoreMatch
> >      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
> )
> >
> >attributetype  (
> >      1.3.6.1.4.1.3401.8.2.14
> >      NAME 'pgpKeyID'
> >      EQUALITY caseIgnoreMatch
> >      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
> )
> >
> >attributetype  (
> >      1.3.6.1.4.1.3401.8.2.15
> >      NAME 'pgpKeyType'
> >      EQUALITY caseIgnoreMatch
> >      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
> )
> >
> >attributetype  (
> >      1.3.6.1.4.1.3401.8.2.16
> >      NAME 'pgpUserID'
> >      EQUALITY caseIgnoreMatch
> >      SUBSTR   
> caseIgnoreSubstringsMatch
> >      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
> )
> >
> >attributetype  (
> >      1.3.6.1.4.1.3401.8.2.17
> >      NAME 'pgpKeyCreateTime'
> >      EQUALITY caseIgnoreMatch
> >      ORDERING caseIgnoreOrderingMatch
> >      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
> )
> >
> >attributetype  (
> >      1.3.6.1.4.1.3401.8.2.18
> >      NAME 'pgpSignerID'
> >      EQUALITY caseIgnoreMatch
> >      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
> )
> >
> >attributetype  (
> >      1.3.6.1.4.1.3401.8.2.19
> >      NAME 'pgpRevoked'
> >      EQUALITY caseIgnoreMatch
> >      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
> )
> >
> >attributetype  (
> >      1.3.6.1.4.1.3401.8.2.20
> >      NAME 'pgpSubKeyID'
> >      EQUALITY caseIgnoreMatch
> >      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
> )
> >
> >attributetype  (
> >      1.3.6.1.4.1.3401.8.2.21
> >      NAME 'pgpKeySize'
> >      EQUALITY caseIgnoreMatch
> >      ORDERING caseIgnoreOrderingMatch
> >      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
> )
> >
> >attributetype  (
> >      1.3.6.1.4.1.3401.8.2.22
> >      NAME 'pgpKeyExpireTime'
> >      EQUALITY caseIgnoreMatch
> >      ORDERING caseIgnoreOrderingMatch
> >      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
> )
> >
> >
> >objectclass    (
> >      1.3.6.1.4.1.3401.8.2.23
> >      NAME 'pgpServerInfo'
> >      SUP Top
> >      STRUCTURAL
> >      MUST ( objectclass $ cn $
> pgpBaseKeySpaceDN )
> >      MAY ( pgpSoftware $ pgpVersion )
> )
> >
> >objectclass    (
> >      1.3.6.1.4.1.3401.8.2.24
> >      NAME 'pgpKey'
> >      SUP Top
> >      STRUCTURAL
> >      MUST ( objectclass $ pgpKey )
> >      MAY (  pgpCertID $ pgpDisabled $
> pgpKeyID $ pgpKeyType $ pgpUserID $
> >          
> pgpKeyCreateTime $ pgpSignerID $ pgpRevoked $ pgpSubKeyID $
> >          
> pgpKeySize $ pgpKeyExpireTime ) )
> >
> >
> >Hopefully somebody here can help me.
> >
> >Thanks in advance,
> >Joachim
>
> ______________________________________________________________________
> Alejandra Moreno Espinar
> at rete ag
>
> mailto:alejandra.moreno@atrete.ch,
> http://www.atrete.ch
> snail mail: Oberdorfstrasse 2, P.O. Box 674, 8024 Zurich,
> Switzerland
> voice: +41-1-266 55 55, direct: +41-1-266 55 91, fax: +41-1-266 55
> 88
> _____________________________________________________________________
>
>
> _

______________________________________________________________________
Alejandra Moreno Espinar
at rete ag

mailto:alejandra.moreno@atrete.ch, http://www.atrete.ch
snail mail: Oberdorfstrasse 2, P.O. Box 674, 8024 Zurich, Switzerland
voice: +41-1-266 55 55, direct: +41-1-266 55 91, fax: +41-1-266 55 88
_____________________________________________________________________