
Re: Attribute Alias - pgpKey



Garry Thomas wrote:
	I'm trying to use LDAP as a key repository for PGP. I seem to
have one last issue. Some clients search for a user's public key as an
attribute named 'pgpKey' and some use 'pgpKeyV2'. Rather than store
both, and hence doubling storage requirements in the directory, I
created a schema file with the following.....

attributetype ( 1.3.6.1.4.1.7521.1012 NAME ( 'pgpKey' 'pgpKeyV2' )
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )

	as an attempt to create pgpKeyV2 as an alias to pgpKey.

	The problem is, when the client that searches for 'pgpKeyV2'
searches the directory, the LDAP server returns the attribute 'pgpKey' and
its contents. The client simply ignores the response, since it is
looking for 'pgpKeyV2', and reports that no key is found.

If the LDAP client also explicitly requested the wanted attributes by name, the server would return the attributes with exactly this name.


You could try to exchange the attribute type name list. But this will probably break all the apps looking for 'pgpKey'.

	Is there a way of making the LDAP server return the 'alias' name
'pgpKeyV2' in this instance?

IMHO there's no way to solve this just by server configuration. The PGP LDAP clients have to be corrected, either by explicitly requesting the attributes by name (low effort) or by making the LDAP clients schema-aware (lots of implementation work).


Ciao, Michael.