Re: Successful LDAP signing test

From: Mike Markley <mike_at_markley.org>
Date: Fri, 19 Feb 2010 12:56:22 -0800

On Fri, Feb 19, 2010 at 11:53:34AM -0800, Murray S. Kucherawy <msk_at_blackops.org> wrote:
> There was a suggestion by someone from the OpenLDAP project to propose an
> LDAP schema to the IETF for standardization. Are you interested in an
> effort like that? It's far from urgent or mandatory, but might be
> something of interest we could tackle especially if it will be of benefit
> to the community.

Seems like a good idea. Having a schema file defined probably makes that
easier, anyway.

> For extra credit: Does the new opendkim-genzone tool work for the sample
> key you put in LDAP?

Actually, it doesn't compile on my system. Now that I've got LDAP
tested, I plan to go see why that, Lua, etc. all cause build failures
here. Seems to all come down to missing dependencies, since the failures
are almost universally unresolved symbols.

> What mechanism would you suggest for indicating that the input keys are
> DER-formatted? A fourth attribute in the query? A command-line flag?
> Something else? I don't really want to assume DER if the installation is
> using LDAP because, for example, it might be hard to do the same thing in
> the Sleepycat DB and OpenDBX cases.

Would it be crazy to just check for the PEM header/footer? If the LDAP
bits can't handle it without the header/footer, then I assume that the
other DB types can't because they're being shoved through the same
OpenSSL routines.

-- 
Mike Markley <mike_at_markley.org>
You're dead, Jim.
- McCoy, "The Tholian Web", stardate unknown
Received on Fri Feb 19 2010 - 20:56:31 PST
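
The header/footer check suggested in the message above, sketched as an added example; it is not OpenDKIM code and not from the thread. The names `classify_key`, `looks_like_der` and `contains` are hypothetical, the sample inputs are constructed, and the DER test is a structural sanity check on the outer SEQUENCE only, not a full ASN.1 parse.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum key_format { KEY_UNKNOWN, KEY_PEM, KEY_DER };

/* Bounded search: LDAP/DB values carry a length and may lack a NUL, so no strstr(). */
static int contains(const unsigned char *buf, size_t len, const char *needle)
{
    size_t n = strlen(needle);
    for (size_t i = 0; n > 0 && i + n <= len; i++)
        if (memcmp(buf + i, needle, n) == 0)
            return 1;
    return 0;
}

/* DER: outer tag is SEQUENCE (0x30) and its length must cover exactly the rest. */
static int looks_like_der(const unsigned char *buf, size_t len)
{
    size_t hdr = 2, body = 0;
    if (len < 2 || buf[0] != 0x30) return 0;
    if (buf[1] < 0x80) {
        body = buf[1];                     /* short form length */
    } else {
        size_t n = buf[1] & 0x7f;          /* long form: n length bytes follow */
        if (n == 0 || n > 4 || len < 2 + n) return 0;  /* indefinite or oversized */
        for (size_t i = 0; i < n; i++)
            body = (body << 8) | buf[2 + i];
        hdr += n;
    }
    return body == len - hdr;              /* rejects truncation and trailing junk */
}

enum key_format classify_key(const unsigned char *buf, size_t len)
{
    if (looks_like_der(buf, len)) return KEY_DER;
    while (len > 0 && isspace(*buf)) { buf++; len--; }   /* tolerate leading blank lines */
    if (len > 11 && memcmp(buf, "-----BEGIN ", 11) == 0 &&
        contains(buf + 11, len - 11, "-----END "))
        return KEY_PEM;
    return KEY_UNKNOWN;                    /* e.g. bare base64 with the armor stripped */
}

int main(void)
{
    const unsigned char der[] = { 0x30, 0x03, 0x02, 0x01, 0x00 };  /* constructed */
    const char *pem = "-----BEGIN RSA PRIVATE KEY-----\nMIIB\n-----END RSA PRIVATE KEY-----\n";
    printf("%d %d\n", classify_key(der, sizeof der), classify_key((const unsigned char *)pem, strlen(pem)));
    return 0;
}
```

A caller would treat `KEY_UNKNOWN` as a configuration error rather than guessing a format, since a value that is neither armored PEM nor a well-formed DER SEQUENCE cannot be loaded reliably either way.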
