
Re: Storing Special German Characters in OpenLDAP as PGP -Directory [Virus checked (@MLP)] [Virus checked]



Hi!

Unfortunately I have not found a solution for our problem, but I have informed
NAI. Hopefully they can help.

By the way: if you try iPlanet Directory Server, all will work on the pgp site,
but if you look into the server, you will notice the following:
If you store IDs with umlauts in iPlanet's directory server the userid is
truncated before the first umlaut. ;-) So iPlanet has a similar
behavior as OpenLDAP has. ;-)

How did you set the access permission in the slapd.conf?

Regards,
Joachim





Alejandra Moreno <alejandra.moreno@atrete.ch> on 04.01.2002 11:52:59


To:   Joachim Koch/Login/DE/MLP@MLP, openldap-software@OpenLDAP.org
Cc:

Subject:  Re: Storing Special German Characters in OpenLDAP as PGP-Directory
      [Virus checked (@MLP)]  [Virus checked]



Hi!
Everything is running ok now, however, I have the same problem as you with
umlauts. Did you find a solution? The thing is that it works for NAI's
PGPKeyServer, so they implement something...

Alejandra

At 13:41 03.01.2002 +0100, you wrote:
>Hi!
>
>I think a script will not really help me, I want the pgp client to send
>the keys to my directory. I'm hoping that NAI will fix this. ;-)
>
>The exact schema you need is included in my first mail, and you have to
>use PGP Version 7.x. Version 7.x is providing LDAP-Directories as keyservers.
>When you use this schema, all should work, but you have to do some adjustments:
>
>(0. install the schema)
>1. add an ou to store the keys (e.g. ou=PGP Keys,dc=mycompany,dc=com)
>2. add an entry named PGPServerInfo to let the PGP client find the space,
>where the PGP keys are stored
>I think this is the critical point to make all run. ;-)
>      dn: cn=PGPServerInfo,dc=mycompany,dc=com
>      pgpbasekeyspacedn: ou=PGP Keys,dc=mycompany,dc=com
>      pgpsoftware: OpenLDAP
>      pgpversion: 2.0.19
>      objectclass: top
>      objectclass: pgpServerInfo
>      cn: PGPServerInfo
>3. set access permissions
>
>If you want to update/send pgp keys by the client, you must allow anonymous
>write to the pgpspace. However there are some problems to me with access
>control. It will work to me only, if I add
>      access to * by * write
>as last line. I'm wondering what pgp is trying to do. Perhaps someone can
>help. :-))
>
>Now you should be able to use OpenLDAP as PGP Directory. :-)
>
>
>Best Regards,
>Joachim
>
>
>
>
>
>
>Alejandra Moreno <alejandra.moreno@atrete.ch> on 03.01.2002 12:08:56
>
>
>To:   Joachim Koch/Login/DE/MLP@MLP, openldap-software@OpenLDAP.org
>Cc:
>
>Subject:  Re: Storing Special German Characters in OpenLDAP as PGP-Directory
>       [Virus checked (@MLP)]  [Virus checked]
>
>
>
>
>Hi!
>
>I had this same problem with umlauts, and I think the best solution is for
>you to encode with utf8 after creating the ldif file. If you are interested
>in some scripts that do this, just tell me.
>I have been trying to connect the NAI PGP clients to my LDAP directory, but
>nobody seems to have done this successfully. Could you tell me the exact
>structure of schema you are using and how the tree looks like? Thanks!
>
>Regards,
>Alejandra
>
>At 14:00 02.01.2002 +0100, you wrote:
> >Hello and happy new year!
> >
> >I try to use OpenLDAP as PGP-Directory for storing PGP keys and PGP
> >configuration. All seems to work fine as long as I do not try to put in any
> >pgpUserIDs with German 'umlauts' (funny German characters like äöüß....).
> >If the pgpUserID contains such a character I get the following error:
> >      "invald syntax". LDAP-Server error: tag=105 err=21 text=pgpuserid:
> >      value #0 contains invalid data
> >
> >The attribute pgpUserID is defined as Directory String:
> >attributetype   (
> >         1.3.6.1.4.1.3401.8.2.16
> >         NAME 'pgpUserID'
> >         EQUALITY caseIgnoreMatch
> >         SUBSTR  caseIgnoreSubstringsMatch
> >         SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
> >
> >I think the problem is that OpenLDAP is expecting special character UTF-8
> >coded (standard), but PGP sends the UserID plain uncoded.
> >
> >Following is the schema I'm using:
> >
> >attributetype  (
> >      1.3.6.1.4.1.3401.8.2.8
> >      NAME 'pgpBaseKeySpaceDN'
> >      EQUALITY caseIgnoreMatch
> >      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
> >
> >attributetype  (
> >      1.3.6.1.4.1.3401.8.2.9
> >      NAME 'pgpSoftware'
> >      EQUALITY caseIgnoreMatch
> >      SUBSTR caseIgnoreSubstringsMatch
> >      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
> >
> >attributetype  (
> >      1.3.6.1.4.1.3401.8.2.10
> >      NAME 'pgpVersion'
> >      EQUALITY caseIgnoreMatch
> >      SUBSTR caseIgnoreSubstringsMatch
> >      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
> >
> >attributetype  (
> >      1.3.6.1.4.1.3401.8.2.11
> >      NAME 'pgpKey'
> >      EQUALITY caseExactIA5Match
> >      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
> >
> >attributetype  (
> >      1.3.6.1.4.1.3401.8.2.12
> >      NAME 'pgpCertID'
> >      EQUALITY caseIgnoreMatch
> >      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
> >
> >attributetype  (
> >      1.3.6.1.4.1.3401.8.2.13
> >      NAME 'pgpDisabled'
> >      EQUALITY caseIgnoreMatch
> >      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
> >
> >attributetype  (
> >      1.3.6.1.4.1.3401.8.2.14
> >      NAME 'pgpKeyID'
> >      EQUALITY caseIgnoreMatch
> >      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
> >
> >attributetype  (
> >      1.3.6.1.4.1.3401.8.2.15
> >      NAME 'pgpKeyType'
> >      EQUALITY caseIgnoreMatch
> >      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
> >
> >attributetype  (
> >      1.3.6.1.4.1.3401.8.2.16
> >      NAME 'pgpUserID'
> >      EQUALITY caseIgnoreMatch
> >      SUBSTR    caseIgnoreSubstringsMatch
> >      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
> >
> >attributetype  (
> >      1.3.6.1.4.1.3401.8.2.17
> >      NAME 'pgpKeyCreateTime'
> >      EQUALITY caseIgnoreMatch
> >      ORDERING caseIgnoreOrderingMatch
> >      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
> >
> >attributetype  (
> >      1.3.6.1.4.1.3401.8.2.18
> >      NAME 'pgpSignerID'
> >      EQUALITY caseIgnoreMatch
> >      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
> >
> >attributetype  (
> >      1.3.6.1.4.1.3401.8.2.19
> >      NAME 'pgpRevoked'
> >      EQUALITY caseIgnoreMatch
> >      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
> >
> >attributetype  (
> >      1.3.6.1.4.1.3401.8.2.20
> >      NAME 'pgpSubKeyID'
> >      EQUALITY caseIgnoreMatch
> >      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
> >
> >attributetype  (
> >      1.3.6.1.4.1.3401.8.2.21
> >      NAME 'pgpKeySize'
> >      EQUALITY caseIgnoreMatch
> >      ORDERING caseIgnoreOrderingMatch
> >      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
> >
> >attributetype  (
> >      1.3.6.1.4.1.3401.8.2.22
> >      NAME 'pgpKeyExpireTime'
> >      EQUALITY caseIgnoreMatch
> >      ORDERING caseIgnoreOrderingMatch
> >      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
> >
> >
> >objectclass    (
> >      1.3.6.1.4.1.3401.8.2.23
> >      NAME 'pgpServerInfo'
> >      SUP Top
> >      STRUCTURAL
> >      MUST ( objectclass $ cn $ pgpBaseKeySpaceDN )
> >      MAY ( pgpSoftware $ pgpVersion ) )
> >
> >objectclass    (
> >      1.3.6.1.4.1.3401.8.2.24
> >      NAME 'pgpKey'
> >      SUP Top
> >      STRUCTURAL
> >      MUST ( objectclass $ pgpKey )
> >      MAY (  pgpCertID $ pgpDisabled $ pgpKeyID $ pgpKeyType $ pgpUserID $
> >           pgpKeyCreateTime $ pgpSignerID $ pgpRevoked $ pgpSubKeyID $
> >           pgpKeySize $ pgpKeyExpireTime ) )
> >
> >
> >Hopefully somebody here can help me.
> >
> >Thanks in advance,
> >Joachim
>
>______________________________________________________________________
>Alejandra Moreno Espinar
>at rete ag
>
>mailto:alejandra.moreno@atrete.ch, http://www.atrete.ch
>snail mail: Oberdorfstrasse 2, P.O. Box 674, 8024 Zurich, Switzerland
>voice: +41-1-266 55 55, direct: +41-1-266 55 91, fax: +41-1-266 55 88
>_____________________________________________________________________
>
>

______________________________________________________________________
Alejandra Moreno Espinar
at rete ag

mailto:alejandra.moreno@atrete.ch, http://www.atrete.ch
snail mail: Oberdorfstrasse 2, P.O. Box 674, 8024 Zurich, Switzerland
voice: +41-1-266 55 55, direct: +41-1-266 55 91, fax: +41-1-266 55 88
_____________________________________________________________________
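
Added example, not part of the original thread or of anyone's scripts mentioned in it: a sketch of the "encode with utf8 after creating the ldif file" approach discussed above. It assumes the non-UTF-8 bytes are Latin-1 and that LDIF lines are not folded; the function names and the sample entry are constructed for illustration.

```python
import base64

# Constructed sample: LDIF as written by a Latin-1 client (not from the thread).
SAMPLE_LDIF = (
    "dn: pgpCertID=0123456789ABCDEF,ou=PGP Keys,dc=mycompany,dc=com\n"
    "objectclass: pgpKey\n"
    "pgpUserID: Jürgen Müller <jm@mycompany.com>\n"
).encode("latin-1")


def is_valid_utf8(raw: bytes) -> bool:
    """True if raw would satisfy a UTF-8 (Directory String) syntax check."""
    try:
        raw.decode("utf-8")
        return True
    except UnicodeDecodeError:
        return False


def is_safe_string(value: str) -> bool:
    """RFC 2849 SAFE-STRING: 7-bit, no NUL/CR/LF, restricted first character."""
    if value[:1] in (" ", ":", "<") or value.endswith(" "):
        return False
    return all(0 < ord(c) < 128 and c not in "\r\n" for c in value)


def fix_line(raw: bytes, legacy: str = "latin-1") -> str:
    """Return one unfolded LDIF line with a UTF-8 value, base64 if needed."""
    # Assumption: bytes that are not valid UTF-8 are in the legacy charset.
    text = raw.decode("utf-8") if is_valid_utf8(raw) else raw.decode(legacy)
    attr, sep, value = text.partition(":")
    # Leave blanks, comments, and the 'attr::' / 'attr:<' forms untouched.
    if not sep or text.startswith("#") or value[:1] in (":", "<"):
        return text
    value = value.lstrip(" ")
    if is_safe_string(value):
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"


def fix_ldif(raw_ldif: bytes, legacy: str = "latin-1") -> str:
    """Apply fix_line to every line of an LDIF document."""
    return "\n".join(fix_line(line, legacy) for line in raw_ldif.split(b"\n"))


def ldif_value(line: str) -> str:
    """Decode the value of an 'attr: v' or 'attr:: base64' line."""
    _, _, rest = line.partition(":")
    if rest.startswith(":"):
        return base64.b64decode(rest[1:].strip()).decode("utf-8")
    return rest.lstrip(" ")
```

This only helps for entries loaded from LDIF; it does not change what the PGP client sends over the wire, which is the case the thread leaves open.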
