
Re: Help with internal processing of add



>the issue I see is that ALL pgp ldap changes use the same DN.

I think you are still missing the point.

First, NAI PGP doesn't use LDAP, it abuses LDAP.  In
particular, it has redefined the semantics of the LDAP
Add operation, disallowing use of LDAP servers which are
compliant with LDAP specifications.  The current PGP-LDAP
interface is PGP-specific.

Secondly, the NAI PGP use creates an application-specific
directory.  That is, PGP is accessing only application-
specific data and storing data which is only useful to PGP.
PGP makes no use of "The Directory".

The suggestion is to redesign PGP to use LDAP standards-track
operational semantics and to make use of "The Directory".  This
would require changes to PGP applications.  In particular,
the "keyserver" would be split into two services, "key authority
(or manager)" and "the directory", and "clients" would have
to be modified to use "the directory" to obtain keys and
locate the "key authority", as well as changes necessary to
communicate with the "key authority".  This is a large
undertaking.

You are, of course, welcome to continue developing NAI-
compatible keyservers and to continue leveraging OpenLDAP
sources to do so.   Just note that the OpenLDAP goal is
to produce general-purpose, standards-track LDAP software,
and any changes you choose to contribute will be reviewed
in this context.

Kurt