Re: ACL for PGP - WAS:Re: Storing Special German Characters in OpenLDAP as PGP -Directory
Hi Joachim,
Yes, with your schema it is not possible to connect because the "PGP
Keyserver LDAP" has a quite different schema. The first search the
PGP Client does with this configuration is directly to the base object
cn=PGPServerInfo. This is their proprietary schema. The important thing of
this schema is that they define two space keys, one active and one
pending. This way all new keys go to this pending area, and only the
administrator can move them to the active area. This mechanism is more
secure. What do you think? Is it worth trying to implement their
schema?
Alejandra
At 16:27 08.01.2002 +0100, you wrote:
Hi Alejandra,
I can connect via PGPkeys only if the ldap server is configured as so called
"PGP Directory LDAP" or "PGP Directory LDAPS".
I did not find any way to connect as "PGP Keyserver LDAP" or "PGP Keyserver LDAPS".
Joachim
Alejandra Moreno <alejandra.moreno@atrete.ch> on 08.01.2002 15:59:53
To: Joachim Koch/Login/DE/MLP@MLP
Cc: openldap-software@OpenLDAP.org
Subject: Re: ACL for PGP - WAS:Re: Storing Special German Characters in OpenLDAP as PGP -Directory [Virus checked (@MLP)] [Virus checked]
Hi again!
This structure is for LDAP server as a PGP directory, but did you try to
implement the LDAP server as a PGP KeyServer, that is, with the same
structure as the PGP KeyServer from NAI?
Regards,
Alejandra
At 17:32 04.01.2002 +0100, you wrote:
>Hi!
>
>This works:
>   access to dn=".*,o=PGP Keys,dc=atrete,dc=ch" by * write
>   access to dn=".*,dc=atrete,dc=ch" by * write
>   access to dn=".*,dc=ch" by * read
>   access to * by * write
>
>The first line gives write permission to everything _below_ "o=PGP Keys,dc=atrete,dc=ch",
>but why does PGP try to write on level "*,dc=atrete,dc=ch"?
>
>The ldap integration for PGP by NAI seems to be poorly programmed. :-(
>
>Joachim
>
>Alejandra Moreno <alejandra.moreno@atrete.ch> on 04.01.2002 17:13:02
>
>To: Joachim Koch/Login/DE/MLP@MLP, openldap-software@OpenLDAP.org
>Cc:
>
>Subject: Re: ACL for PGP - WAS:Re: Storing Special German Characters in OpenLDAP as PGP -Directory [Virus checked (@MLP)] [Virus checked]
>
>
>
>Hi!
>
>If you try:
>
>access to dn=".*,o=PGP Keys,dc=atrete,dc=ch" by * write
>access to dn=".*,dc=ch" by * read
>access to * by * read
>
>to send a key you get the error: no write access to parent
>But don't I give write access to parent with the first line? This is crazy!!!
>
>Alejandra
>
>
>At 16:56 04.01.2002 +0100, you wrote:
> >Hi!
> >
> >try this, if you only want to search for keys:
> >access to dn=".*,o=PGP Keys,dc=atrete,dc=ch" by * write
> >access to dn=".*,dc=ch" by * read
> >---> access to * by * read <----
> >
> >
> >The third line has to be
> >   access to * by * write !!!
> >if you want to send keys to the server.
> >
> >I'm wondering why the third line is necessary. What does the ##$#-Client try and where?
> >
> >Greets,
> >Joachim
> >
> >Alejandra Moreno <alejandra.moreno@atrete.ch> on 04.01.2002 16:12:39
> >
> >To: openldap-software@OpenLDAP.org
> >Cc: (Bcc: Joachim Koch/Login/DE/MLP)
> >
> >Subject: Re: Storing Special German Characters in OpenLDAP as PGP -Directory [Virus checked (@MLP)] [Virus checked]
> >
> >
> >
> >Hi!
> >
> >I also tried that, and it still didn't work. It's driving me nuts!!!!
> >
> >At 15:35 04.01.2002 +0100, you wrote:
> > >quote Alejandra Moreno (4.1.2002):
> > >
> > > > If you get some feedback from NAI, just tell me!
> > > > You were right about the access permission, the following syntax won't work:
> > > >
> > > > access to dn=".*,dc=ch" by * read
> > > > access to dn=".*,o=PGP Keys,dc=atrete,dc=ch" by * write
> > >
> > >switch the ACLs to:
> > >access to dn=".*,o=PGP Keys,dc=atrete,dc=ch" by * write
> > >access to dn=".*,dc=ch" by * read
> > >
> > >the first matching ACL makes the job.
> > >
> > >
> > > Sebastian Dietzold
> > >
> > >--
> > >Sebastian Dietzold
> > >Content Management / Directory Services
> > >Institute for Medical Informatics,
> > >Statistics and Epidemiology (IMISE)
> > >University of Leipzig
> > >Liebigstr. 27
> > >04103 Leipzig
> > >Phone: +49 341 97 161 14
> > >Fax: +49 341 97 161 30
> >
> >______________________________________________________________________
> >Alejandra Moreno Espinar
> >at rete ag
> >
> >mailto:alejandra.moreno@atrete.ch, http://www.atrete.ch
> >snail mail: Oberdorfstrasse 2, P.O. Box 674, 8024 Zurich, Switzerland
> >voice: +41-1-266 55 55, direct: +41-1-266 55 91, fax: +41-1-266 55 88
> >_____________________________________________________________________
______________________________________________________________________
Alejandra Moreno Espinar
at rete ag
mailto:alejandra.moreno@atrete.ch, http://www.atrete.ch
snail mail: Oberdorfstrasse 2, P.O. Box 674, 8024 Zurich, Switzerland
voice: +41-1-266 55 55, direct: +41-1-266 55 91, fax: +41-1-266 55 88
_____________________________________________________________________
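
Added example, not part of the original messages: a simplified Python model of the first-match ACL rule described in the thread, run over the ACL sets quoted above. It assumes slapd treats each `dn=` value as an unanchored, case-insensitive regular expression and that adding an entry requires write access to both the new entry and its parent (slapd checks the parent's `children` attribute); `cn=sample key` is a constructed entry name.

```python
import re

LEVELS = {"none": 0, "read": 1, "write": 2}  # subset of slapd's access levels

# ACL sets copied from the thread.
FAILING = [
    'access to dn=".*,o=PGP Keys,dc=atrete,dc=ch" by * write',
    'access to dn=".*,dc=ch" by * read',
    'access to * by * read',
]
WORKING = [
    'access to dn=".*,o=PGP Keys,dc=atrete,dc=ch" by * write',
    'access to dn=".*,dc=atrete,dc=ch" by * write',
    'access to dn=".*,dc=ch" by * read',
    'access to * by * write',
]
REVERSED = [FAILING[1], FAILING[0]]  # the order reported not to work

NEW_KEY = "cn=sample key,o=PGP Keys,dc=atrete,dc=ch"  # constructed entry DN

def parse_acl(line):
    """Parse 'access to dn="<regex>" by * <level>' or 'access to * by * <level>'."""
    m = re.fullmatch(r'access to (?:dn="(?P<dn>[^"]*)"|\*) by \* (?P<lvl>\w+)', line)
    if not m:
        raise ValueError(f"unsupported ACL line: {line!r}")
    # 'access to *' applies to every entry: model it as the empty pattern.
    return re.compile(m.group("dn") or "", re.IGNORECASE), m.group("lvl")

def level_for(acl_lines, dn):
    """Level granted by the FIRST rule whose pattern matches dn (unanchored)."""
    for pattern, lvl in map(parse_acl, acl_lines):
        if pattern.search(dn):
            return lvl
    return "none"  # no rule matched: access is denied

def can_add(acl_lines, dn):
    """An add needs write on the new entry and on its parent entry."""
    parent = dn.split(",", 1)[1]  # naive split; sample DNs have no escaped commas
    if LEVELS[level_for(acl_lines, dn)] < LEVELS["write"]:
        return False, "no write access to entry"   # model's own message
    if LEVELS[level_for(acl_lines, parent)] < LEVELS["write"]:
        return False, "no write access to parent"  # error quoted in the thread
    return True, "ok"

if __name__ == "__main__":
    for name, acls in (("failing", FAILING), ("working", WORKING)):
        print(name, can_add(acls, NEW_KEY))
    print("reversed order grants:", level_for(REVERSED, NEW_KEY))
```

In this model the parent entry "o=PGP Keys,dc=atrete,dc=ch" is not matched by the first rule, whose pattern requires a comma in front of `o=PGP Keys`, so it falls through to the read-only `.*,dc=ch` rule.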