Re: Attribute Alias - pgpKey

[Michael Ströder <michael@stroeder.com>]

Garry Thomas wrote:
> 	I'm trying to use LDAP as a key repository for PGP. I seem to
> have one last issue. Some clients search for a user's public key as an
> attribute named 'pgpKey' and some use 'pgpKeyV2'. Rather than store
> both, and hence doubling storage requirements in the directory, I
> created a schema file with the following.....
>
> attributetype ( 1.3.6.1.4.1.7521.1012 NAME ( 'pgpKey' 'pgpKeyV2' )
>         SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
>
> 	as an attempt to create pgpKeyV2 as an alias to pgpKey.
>
> 	The problem is, when the client that searches for 'pgpKeyV2'
> search the directory, the LDAP server returns the attribute 'pgpKey' and
> its contents. The client simple ignores the response, since it is
> looking for 'pgpKeyV2', and informs that no key is found.

If the LDAP client would also explicitly request the wanted attributes by 
name the server would return the attributes with exactly this name.

You could try to exchange the attribute type name list. But this will 
probably break all the apps looking for 'pgpKey'.

> 	Is there a way of making the LDAP server return the 'alias' name
> 'pgpKeyV2' in this instance?

IMHO there's no way to solve this just by server configuration. The PGP LDAP 
clients has to be corrected. Either by explicitly requesting the attributes 
by name (low effort) or by making the LDAP clients schema-aware (lots of 
implementation work).

Ciao, Michael.