Re: Storing Special German Characters in OpenLDAP as PGP -Directory [Virus checked (@MLP)] [Virus checked]



Hi!

If you get some feedback from NAI, just tell me!
You were right about the access permission, the following syntax won't work:

access to dn=".*,dc=ch" by * read
access to dn=".*,o=PGP Keys,dc=atrete,dc=ch" by * write

and I really can't figure out why not, because it seems that with this it doesn't find the server at all, WHY????

Regards,
Alejandra

At 13:17 04.01.2002 +0100, you wrote:
Hi!

Unfortunately I have not found a solution for our problem, but I have informed
NAI. Hopefully they can help.

By the way: if you try iPlanet Directory Server, all will work on the pgp site,
but if you look into the server, you will notice the following:
If you store IDs with umlauts in iPlanet's directory server the userid is
truncated before the first umlaut. ;-) So iPlanet has a similar
behavior as OpenLDAP has. ;-)

How did you set the access permission in the slapd.conf?

Regards,
Joachim





Alejandra Moreno <alejandra.moreno@atrete.ch> on 04.01.2002 11:52:59


To:   Joachim Koch/Login/DE/MLP@MLP, openldap-software@OpenLDAP.org
Cc:

Subject:  Re: Storing Special German Characters in OpenLDAP as  PGP-Directory
      [Virus checked (@MLP)]  [Virus checked]




Hi!
Everything is running ok now, however, I have the same problem as you with
umlauts. Did you find a solution? The thing is that it works for NAI's
PGPKeyServer, so they implement something...

Alejandra

At 13:41 03.01.2002 +0100, you wrote:
>Hi!
>
>I think a script will not really help me, I want the pgp client to send
>the keys
>to my directory. I'm hoping that NAI will fix this. ;-)
>
>The exact schema you need is included in my first mail, and you have to
>use PGP
>Version 7.x. Version 7.x is providing LDAP-Directories as keyservers. When you
>use this schema, all should work, but you have to do some adjustments:
>
>(0. install the schema)
>1. add an ou to store the keys (e.g. ou=PGP Keys,dc=mycompany,dc=com)
>2. add an entry named PGPServerInfo to let the PGP client find the space,
>where
>the PGP keys are stored
>I think this is the critical point to make all run. ;-)
>      dn: cn=PGPServerInfo,dc=mycompany,dc=com
>      pgpbasekeyspacedn: ou=PGP Keys,dc=mycompany,dc=com
>      pgpsoftware: OpenLDAP
>      pgpversion: 2.0.19
>      objectclass: top
>      objectclass: pgpServerInfo
>      cn: PGPServerInfo
>3. set access permissions
>
>If you want to update/send pgp keys by the client, you must allow anonymous
>write to the pgpspace. However there are some problems to me with access
>control. It will work to me only, if I add
>      access to * by * write
>as last line. I'm wondering what pgp is trying to do. Perhaps someone can
>help.
>:-))
>
>Now you should be able to use OpenLDAP as PGP Directory. :-)
>
>
>Best Regards,
>Joachim
>
>
>
>
>
>
>Alejandra Moreno <alejandra.moreno@atrete.ch> on 03.01.2002 12:08:56
>
>
>To:   Joachim Koch/Login/DE/MLP@MLP, openldap-software@OpenLDAP.org
>Cc:
>
>Subject:  Re: Storing Special German Characters in OpenLDAP as  PGP-Directory
>       [Virus checked (@MLP)]  [Virus checked]
>
>
>
>
>Hi!
>
>I had this same problem with umlauts, and I think the best solution is for
>you to encode with utf8 after creating the ldif file. If you are interested
>in some scripts that do this, just tell me.
>I have been trying to connect the NAI PGP clients to my LDAP directory, but
>nobody seems to have done this successfully. Could you tell me the exact
>structure of schema you are using and how the tree looks like? Thanks!
>
>Regards,
>Alejandra
>
>At 14:00 02.01.2002 +0100, you wrote:
> >Hello and happy new year!
> >
> >I try to use OpenLDAP as PGP-Directory for storing PGP keys and PGP
> >configuration. All seems to work fine as long as I do not try to put in any
> >pgpUserIDs with German 'umlauts' (funny German characters like äöüß....).
> >If the
> >pgpUserID contains such a character I get the following error:
> >      "invald syntax". LDAP-Server error: tag=105 err=21 text=pgpuserid:
> > value #0
> >contains invalid data
> >
> >The attribute pgpUserID is defined as Directory String:
> >attributetype   (
> >         1.3.6.1.4.1.3401.8.2.16
> >         NAME 'pgpUserID'
> >         EQUALITY caseIgnoreMatch
> >         SUBSTR  caseIgnoreSubstringsMatch
> >         SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
> >
> >I think the problem is that OpenLDAP is expecting special character UTF-8
> >coded
> >(standard), but PGP sends the UserID plain uncoded.
> >
> >Following is the schema I'm using:
> >
> >attributetype  (
> >      1.3.6.1.4.1.3401.8.2.8
> >      NAME 'pgpBaseKeySpaceDN'
> >      EQUALITY caseIgnoreMatch
> >      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
> >
> >attributetype  (
> >      1.3.6.1.4.1.3401.8.2.9
> >      NAME 'pgpSoftware'
> >      EQUALITY caseIgnoreMatch
> >      SUBSTR caseIgnoreSubstringsMatch
> >      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
> >
> >attributetype  (
> >      1.3.6.1.4.1.3401.8.2.10
> >      NAME 'pgpVersion'
> >      EQUALITY caseIgnoreMatch
> >      SUBSTR caseIgnoreSubstringsMatch
> >      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
> >
> >attributetype  (
> >      1.3.6.1.4.1.3401.8.2.11
> >      NAME 'pgpKey'
> >      EQUALITY caseExactIA5Match
> >      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
> >
> >attributetype  (
> >      1.3.6.1.4.1.3401.8.2.12
> >      NAME 'pgpCertID'
> >      EQUALITY caseIgnoreMatch
> >      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
> >
> >attributetype  (
> >      1.3.6.1.4.1.3401.8.2.13
> >      NAME 'pgpDisabled'
> >      EQUALITY caseIgnoreMatch
> >      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
> >
> >attributetype  (
> >      1.3.6.1.4.1.3401.8.2.14
> >      NAME 'pgpKeyID'
> >      EQUALITY caseIgnoreMatch
> >      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
> >
> >attributetype  (
> >      1.3.6.1.4.1.3401.8.2.15
> >      NAME 'pgpKeyType'
> >      EQUALITY caseIgnoreMatch
> >      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
> >
> >attributetype  (
> >      1.3.6.1.4.1.3401.8.2.16
> >      NAME 'pgpUserID'
> >      EQUALITY caseIgnoreMatch
> >      SUBSTR    caseIgnoreSubstringsMatch
> >      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
> >
> >attributetype  (
> >      1.3.6.1.4.1.3401.8.2.17
> >      NAME 'pgpKeyCreateTime'
> >      EQUALITY caseIgnoreMatch
> >      ORDERING caseIgnoreOrderingMatch
> >      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
> >
> >attributetype  (
> >      1.3.6.1.4.1.3401.8.2.18
> >      NAME 'pgpSignerID'
> >      EQUALITY caseIgnoreMatch
> >      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
> >
> >attributetype  (
> >      1.3.6.1.4.1.3401.8.2.19
> >      NAME 'pgpRevoked'
> >      EQUALITY caseIgnoreMatch
> >      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
> >
> >attributetype  (
> >      1.3.6.1.4.1.3401.8.2.20
> >      NAME 'pgpSubKeyID'
> >      EQUALITY caseIgnoreMatch
> >      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
> >
> >attributetype  (
> >      1.3.6.1.4.1.3401.8.2.21
> >      NAME 'pgpKeySize'
> >      EQUALITY caseIgnoreMatch
> >      ORDERING caseIgnoreOrderingMatch
> >      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
> >
> >attributetype  (
> >      1.3.6.1.4.1.3401.8.2.22
> >      NAME 'pgpKeyExpireTime'
> >      EQUALITY caseIgnoreMatch
> >      ORDERING caseIgnoreOrderingMatch
> >      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
> >
> >
> >objectclass    (
> >      1.3.6.1.4.1.3401.8.2.23
> >      NAME 'pgpServerInfo'
> >      SUP Top
> >      STRUCTURAL
> >      MUST ( objectclass $ cn $ pgpBaseKeySpaceDN )
> >      MAY ( pgpSoftware $ pgpVersion ) )
> >
> >objectclass    (
> >      1.3.6.1.4.1.3401.8.2.24
> >      NAME 'pgpKey'
> >      SUP Top
> >      STRUCTURAL
> >      MUST ( objectclass $ pgpKey )
> >      MAY (  pgpCertID $ pgpDisabled $ pgpKeyID $ pgpKeyType $ pgpUserID $
> >           pgpKeyCreateTime $ pgpSignerID $ pgpRevoked $ pgpSubKeyID $
> >           pgpKeySize $ pgpKeyExpireTime ) )
> >
> >
> >Hopefully somebody here can help me.
> >
> >Thanks in advance,
> >Joachim
>
>______________________________________________________________________
>Alejandra Moreno Espinar
>at rete ag
>
>mailto:alejandra.moreno@atrete.ch, http://www.atrete.ch
>snail mail: Oberdorfstrasse 2, P.O. Box 674, 8024 Zurich, Switzerland
>voice: +41-1-266 55 55, direct: +41-1-266 55 91, fax: +41-1-266 55 88
>_____________________________________________________________________
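
The UTF-8 re-encoding of a generated LDIF file that is suggested in the thread, shown as an added example; it is not part of the original messages and is not the script mentioned there. It assumes the file was written in Latin-1 and that values are not folded across lines; the sample entry and all function names are constructed for illustration.

```python
import base64

# Constructed sample: an LDIF entry written in Latin-1 (0xf6 = ö, 0xfc = ü).
SAMPLE = (b"dn: pgpCertID=0123456789ABCDEF,ou=PGP Keys,dc=mycompany,dc=com\n"
          b"objectclass: pgpKey\n"
          b"pgpUserID: J\xf6rg M\xfcller <joerg@example.com>\n")

def is_safe_ldif_value(raw: bytes) -> bool:
    """RFC 2849: plain values must be ASCII, without NUL/CR/LF, and must
    not start with space, ':' or '<' (a trailing space is also avoided)."""
    if raw[:1] in (b" ", b":", b"<") or raw.endswith(b" "):
        return False
    return all(b < 0x80 and b not in (0x00, 0x0A, 0x0D) for b in raw)

def to_utf8(raw: bytes, legacy: str = "latin-1") -> bytes:
    """Leave valid UTF-8 alone (no double encoding), else transcode.
    Assumption: anything that is not valid UTF-8 is in `legacy`."""
    try:
        raw.decode("utf-8")
        return raw
    except UnicodeDecodeError:
        return raw.decode(legacy).encode("utf-8")

def fix_ldif_line(line: bytes, legacy: str = "latin-1") -> bytes:
    """Rewrite one unfolded 'attr: value' line so the value is UTF-8."""
    if line.startswith((b"#", b" ")) or b":" not in line:
        return line                      # comment, continuation, blank line
    attr, _, rest = line.partition(b":")
    if rest.startswith((b":", b"<")):
        return line                      # already base64 (::) or a URL (:<)
    value = to_utf8(rest.lstrip(b" "), legacy)
    if is_safe_ldif_value(value):
        return attr + b": " + value
    # Non-ASCII UTF-8 must be base64-encoded and marked with '::'.
    return attr + b":: " + base64.b64encode(value)

def fix_ldif(data: bytes, legacy: str = "latin-1") -> bytes:
    return b"\n".join(fix_ldif_line(l, legacy) for l in data.split(b"\n"))

if __name__ == "__main__":
    print(fix_ldif(SAMPLE).decode("ascii"))
```

Running the converter a second time leaves the file unchanged, because values already marked with `::` are skipped.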