Hi,
Inspired by the proprietary server at ldap.dnssek.info, I'd like to make a slapd plugin that, when queried for a particular email address, finds the OpenPGP keys and S/MIME certificates by doing DNS lookups (possibly aided by DANE), and then serves them back to the requestor.
Currently the documentation in the OpenLDAP Administrator's Guide still needs to be written. Since not a lot of software supports DANE right now, but a lot of programs *do* support LDAP, I think a bridge between the two is something that could really benefit the Internet community. Could someone steer me in the right direction on how to get started?
Thanks
> Inspired by the proprietary server at ldap.dnssek.info, I'd like to make a slapd plugin that, when queried for a particular email address, finds the OpenPGP keys and S/MIME certificates by doing DNS lookups (possibly aided by DANE), and then serves them back to the requestor.
Interesting. Although I am not entirely sure what you are trying to solve and why this needs to be solved in LDAP and not in, e.g., the MTA.
On Fri, Aug 04, 2023 at 10:44:12AM +0000, John Scott wrote:
> Hi,
> Inspired by the proprietary server at ldap.dnssek.info, I'd like to make a slapd plugin that, when queried for a particular email address, finds the OpenPGP keys and S/MIME certificates by doing DNS lookups (possibly aided by DANE), and then serves them back to the requestor.
> Currently the documentation in the OpenLDAP Administrator's Guide still needs to be written. Since not a lot of software supports DANE right now, but a lot of programs *do* support LDAP, I think a bridge between the two is something that could really benefit the Internet community. Could someone steer me in the right direction on how to get started?
Hi John, seems like you want to write an overlay that intercepts search requests and for each returned entry performs the work that you're describing. Other designs are possible.
You can have a look in contrib/slapd-modules or servers/slapd/overlays to see what an overlay looks like and how it is configured. The valsort overlay[0] seems like the nearest one in terms of which callbacks you might have to implement and the setup needed to get up and running.
[0]. https://git.openldap.org/openldap/openldap/-/blob/master/servers/slapd/overl...
Regards,
openldap-technical@openldap.org
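
Added example, not part of any message in this thread and not OpenLDAP code: a sketch of the lookup step such a bridge needs, turning an exact-match `(mail=...)` search filter into the DNS owner names defined by RFC 7929 (OPENPGPKEY) and RFC 8162 (SMIMEA). The function names are hypothetical; quoted local-parts and internationalized domains are assumed not to occur, and the DNS query plus DNSSEC validation of the answer are left to the resolver.

```python
import hashlib
import re

# Second label of the owner name, per RFC 7929 and RFC 8162.
LABELS = {"OPENPGPKEY": "_openpgpkey", "SMIMEA": "_smimecert"}

# Only a plain equality match on "mail" is accepted. Substring filters
# such as (mail=hu*) cannot be bridged: the local-part is hashed, so
# DNS offers no way to enumerate or prefix-match addresses.
MAIL_FILTER = re.compile(r"^\(mail=([^()*]+)\)$", re.IGNORECASE)


def unescape_filter_value(value):
    """Decode RFC 4515 backslash-hex escapes in a filter assertion value."""
    raw = re.sub(
        rb"\\([0-9a-fA-F]{2})",
        lambda m: bytes([int(m.group(1), 16)]),
        value.encode("utf-8"),
    )
    return raw.decode("utf-8")


def dane_owner_names(ldap_filter):
    """Map (mail=local@domain) to {rrtype: owner name to query}."""
    m = MAIL_FILTER.match(ldap_filter.strip())
    if not m:
        raise ValueError("only exact (mail=addr) filters can be mapped")
    addr = unescape_filter_value(m.group(1))
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("not an email address")
    # SHA2-256 of the UTF-8 local-part, truncated to 28 octets (56 hex
    # digits). The local-part is hashed as given, with no case folding.
    label = hashlib.sha256(local.encode("utf-8")).hexdigest()[:56]
    # DNS names are case-insensitive, so lowercasing the domain is safe.
    domain = domain.rstrip(".").lower()
    return {rr: f"{label}.{tag}.{domain}." for rr, tag in LABELS.items()}


if __name__ == "__main__":
    # Constructed sample filter, as an LDAP client might send it.
    for rr, name in dane_owner_names("(mail=hugh@example.com)").items():
        print(rr, name)
```

Answers for these names are only trustworthy if the resolver validated them with DNSSEC, so a bridge should drop unvalidated records rather than serve them as LDAP attributes.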