
Re: ACL for PGP - WAS:Re: Storing Special German Characters in OpenLDAP as PGP -Directory



Hi Joachim,

Yes, with your schema it is not possible to connect because the "PGP Keyserver LDAP" has a quite different schema. The first search the PGP Client does with this configuration is directly to the base object cn=PGPServerInfo. This is their proprietary schema. The important thing of this schema is that they define two key spaces, one active and one pending. This way all new keys go to this pending area, and only the administrator can move them to the active area. This mechanism is more secure. What do you think? Is it worth trying to implement their schema?

Alejandra

At 16:27 08.01.2002 +0100, you wrote:
Hi Alejandra,

I can connect via PGPkeys only if the ldap server is configured as a so-called
"PGP Directory LDAP" or "PGP Directory LDAPS".
I did not find any way to connect as "PGP Keyserver LDAP" or "PGP Keyserver
LDAPS".

Joachim





Alejandra Moreno <alejandra.moreno@atrete.ch> on 08.01.2002 15:59:53


To:   Joachim Koch/Login/DE/MLP@MLP
Cc:   openldap-software@OpenLDAP.org

Subject:  Re: ACL for PGP - WAS:Re: Storing Special German Characters in
      OpenLDAP as PGP -Directory  [Virus checked (@MLP)]  [Virus checked]



Hi again!

This structure is for LDAP server as a PGP directory, but did you try to
implement the LDAP server as a PGP KeyServer, that is, with the same
structure as the PGP KeyServer from NAI?

Regards,
Alejandra

At 17:32 04.01.2002 +0100, you wrote:
>Hi!
>
>This works:
>      access to dn=".*,o=PGP Keys,dc=atrete,dc=ch" by * write
>      access to dn=".*,dc=atrete,dc=ch" by * write
>      access to dn=".*,dc=ch" by * read
>      access to * by * write
>
>The first line gives write permission to everything _below_  "o=PGP
>Keys,dc=atrete,dc=ch",
>but why does PGP try to write on level "*,dc=atrete,dc=ch" ?
>
>The ldap integration for PGP by NAI seems to be poorly programmed. :-(
>
>Joachim
>
>
>
>
>
>Alejandra Moreno <alejandra.moreno@atrete.ch> on 04.01.2002 17:13:02
>
>
>To:   Joachim Koch/Login/DE/MLP@MLP, openldap-software@OpenLDAP.org
>Cc:
>
>Subject:  Re: ACL for PGP - WAS:Re: Storing Special German Characters in
>       OpenLDAP as PGP -Directory  [Virus checked (@MLP)]  [Virus checked]
>
>
>
>Hi!
>
>If you try :
>
>access to dn=".*,o=PGP Keys,dc=atrete,dc=ch" by * write
>access to dn=".*,dc=ch" by * read
>access to * by * read
>
>to send a key you get the error: no write access to parent
>But don't I give write access to parent with the first line? This is crazy!!!
>
>Alejandra
>
>
>At 16:56 04.01.2002 +0100, you wrote:
> >Hi!
> >
> >try this, if you only want to search for keys:
> >access to dn=".*,o=PGP Keys,dc=atrete,dc=ch" by * write
> >access to dn=".*,dc=ch" by * read
> >---> access to * by * read  <----
> >
> >
> >The third line has to be
> >      access to * by * write !!!
> >if you want to send keys to the server.
> >
> >I'm wondering why the third line is necessary. What does the ##$#-Client
> >try and where?
> >
> >Greets,
> >Joachim
> >
> >
> >
> >
> >
> >Alejandra Moreno <alejandra.moreno@atrete.ch> on 04.01.2002 16:12:39
> >
> >
> >To:   openldap-software@OpenLDAP.org
> >Cc:     (Bcc: Joachim Koch/Login/DE/MLP)
> >
> >Subject:  Re: Storing Special German Characters in OpenLDAP as
> >PGP   -Directory
> >       [Virus checked (@MLP)]  [Virus checked]
> >
> >
> >
> >Hi!
> >
> >I also tried that, and still didn't work. It's driving me nuts!!!!
> >
> >At 15:35 04.01.2002 +0100, you wrote:
> > >quote Alejandra Moreno (4.1.2002):
> > >
> > > > If you get some feedback from NAI, just tell me!
> > > > You were right about the access permission, the following syntax won't work:
> > > >
> > > > access to dn=".*,dc=ch" by * read
> > > > access to dn=".*,o=PGP Keys,dc=atrete,dc=ch" by * write
> > >
> > >switch the ACLs to:
> > >access to dn=".*,o=PGP Keys,dc=atrete,dc=ch" by * write
> > >access to dn=".*,dc=ch" by * read
> > >
> > >the first matching ACL makes the job.
> > >
> > >
> > >    Sebastian Dietzold
> > >
> > >--
> > >Sebastian Dietzold
> > >Content Management / Directory Services
> > >Institute for Medical Informatics,
> > >Statistics and Epidemiology (IMISE)
> > >University of Leipzig
> > >Liebigstr. 27
> > >04103 Leipzig
> > >Phone: +49 341 97 161 14
> > >Fax:   +49 341 97 161 30
> >
> >______________________________________________________________________
> >Alejandra Moreno Espinar
> >at rete ag
> >
> >mailto:alejandra.moreno@atrete.ch, http://www.atrete.ch
> >snail mail: Oberdorfstrasse 2, P.O. Box 674, 8024 Zurich, Switzerland
> >voice: +41-1-266 55 55, direct: +41-1-266 55 91, fax: +41-1-266 55 88
> >_____________________________________________________________________
> >

______________________________________________________________________
Alejandra Moreno Espinar
at rete ag

mailto:alejandra.moreno@atrete.ch, http://www.atrete.ch
snail mail: Oberdorfstrasse 2, P.O. Box 674, 8024 Zurich, Switzerland
voice: +41-1-266 55 55, direct: +41-1-266 55 91, fax: +41-1-266 55 88
_____________________________________________________________________
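
Added example, not part of the original thread: a simplified Python model of the first-match rule quoted above ("the first matching ACL makes the job"), run over three rule sets copied from the messages. It assumes unanchored, case-insensitive regex matching on the DN, that an add needs write access on both the new entry and its parent, and that keys are added directly below "o=PGP Keys,dc=atrete,dc=ch"; the key DN is constructed.

```python
import re

# Rule sets copied from the thread: (dn pattern, level granted to "*").
ORIGINAL = [(r".*,dc=ch", "read"),
            (r".*,o=PGP Keys,dc=atrete,dc=ch", "write")]
SWAPPED = [(r".*,o=PGP Keys,dc=atrete,dc=ch", "write"),
           (r".*,dc=ch", "read"),
           ("*", "read")]
WORKING = [(r".*,o=PGP Keys,dc=atrete,dc=ch", "write"),
           (r".*,dc=atrete,dc=ch", "write"),
           (r".*,dc=ch", "read"),
           ("*", "write")]

LEVELS = {"none": 0, "read": 1, "write": 2}


def level_for(rules, dn):
    """Return the level granted by the first rule whose pattern matches dn."""
    for pattern, level in rules:
        # Assumption: "*" matches every entry; anything else is an
        # unanchored, case-insensitive regex applied to the DN.
        if pattern == "*" or re.search(pattern, dn, re.IGNORECASE):
            return level
    return "none"  # nothing matched: implicit deny


def parent_of(dn):
    # Naive split on the first comma; adequate for the unescaped DNs used here.
    return dn.split(",", 1)[1]


def can_add(rules, dn):
    """Model of an add: write is needed on the parent and on the new entry."""
    for target, label in ((parent_of(dn), "parent"), (dn, "entry")):
        if LEVELS[level_for(rules, target)] < LEVELS["write"]:
            return False, "no write access to " + label
    return True, "ok"


# Constructed key entry directly below the PGP subtree root (assumption).
KEY_DN = "cn=sample-key,o=PGP Keys,dc=atrete,dc=ch"

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("swapped", SWAPPED),
                        ("working", WORKING)):
        print(name, level_for(rules, KEY_DN),
              level_for(rules, parent_of(KEY_DN)), can_add(rules, KEY_DN))
```

In this model the pattern ".*,o=PGP Keys,dc=atrete,dc=ch" needs a comma in front of "o=PGP Keys", so it covers entries below the subtree root but not the root entry itself; the root falls through to the next matching rule.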