authorWerner Koch <wk@gnupg.org>2020-12-15 08:52:06 +0100
committerWerner Koch <wk@gnupg.org>2020-12-15 08:52:06 +0100
commit2c6bb03cfb56b99acf5136e5143de336a82b7402 (patch)
treef9e80a62b33d1b2e55c6a36ce45b5f1dde4b3d57
parente9ddd61fe979b1b8e1a4801f7f916d0222397245 (diff)
downloadgnupg-2c6bb03cfb56b99acf5136e5143de336a82b7402.tar.gz
dirmngr: Remove superfluous attribute from the LDAP schema.
-- I accidentally added a gpgSubCertID attribute not realizing that the pgpSubKeyID already carries the long keyid. Remove that. Note that the pgpkeyID has the short keyid and the long keyid has the name pgpCertID. Signed-off-by: Werner Koch <wk@gnupg.org>
-rw-r--r--doc/ldap/gnupg-ldap-ad-schema.ldif17
-rw-r--r--doc/ldap/gnupg-ldap-schema.ldif20
2 files changed, 10 insertions, 27 deletions
diff --git a/doc/ldap/gnupg-ldap-ad-schema.ldif b/doc/ldap/gnupg-ldap-ad-schema.ldif
index 6c4d19f15..a8810809e 100644
--- a/doc/ldap/gnupg-ldap-ad-schema.ldif
+++ b/doc/ldap/gnupg-ldap-ad-schema.ldif
@@ -3,7 +3,7 @@
# Schema for an OpenPGP LDAP keyserver. This is a slighly enhanced
# version of the original LDAP schema used for PGP keyservers as
# installed at quite some sites.
-# Revision: 2020-12-08
+# Revision: 2020-12-15
# Some notes:
# - Backup your AD! It is not possible to revert changes of the schema.
@@ -181,7 +181,7 @@ oMSyntax: 64
isSingleValued: TRUE
schemaIDGUID:: 9AbnpaXqQR6d3S5OZomYCw==
-# The Subkey key ids
+# The Subkey key ids (16 hex digits)
dn: CN=pgpSubKeyID,CN=Schema,CN=Configuration,DC=EXAMPLEDC
changetype: ntdsSchemaAdd
objectClass: attributeSchema
@@ -254,18 +254,6 @@ oMSyntax: 64
isSingleValued: FALSE
schemaIDGUID:: 9AbnpaXqQR6d3S5OZomYEQ==
-# A list of hex encoded long keyids of all subkeys.
-dn: CN=gpgSubCertID,CN=Schema,CN=Configuration,DC=EXAMPLEDC
-changetype: ntdsSchemaAdd
-objectClass: attributeSchema
-attributeID: 1.3.6.1.4.1.11591.2.4.1.4
-lDAPDisplayName: gpgSubCertID
-description: OpenPGP long subkey id
-attributeSyntax: 2.5.5.12
-oMSyntax: 64
-isSingleValued: FALSE
-schemaIDGUID:: 9AbnpaXqQR6d3S5OZomYEg==
-
# Unused GUIDs:
# 9AbnpaXqQR6d3S5OZomYEw==
# 9AbnpaXqQR6d3S5OZomYFA==
@@ -335,7 +323,6 @@ mayContain: pgpKeySize
mayContain: pgpKeyExpireTime
mayContain: gpgFingerprint
mayContain: gpgSubFingerprint
-mayContain: gpgSubCertID
mayContain: gpgMailbox
schemaIDGUID:: 9AbnpaXqQR6d3S5OZomYIQ==
diff --git a/doc/ldap/gnupg-ldap-schema.ldif b/doc/ldap/gnupg-ldap-schema.ldif
index 02d04fa46..be6a4646a 100644
--- a/doc/ldap/gnupg-ldap-schema.ldif
+++ b/doc/ldap/gnupg-ldap-schema.ldif
@@ -116,14 +116,16 @@ olcAttributeTypes: {11}(
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
+# Note that there is no short subkeyid despite that the name
+# is similar to the name of short keyid of the primary key.
olcAttributeTypes: {12}(
1.3.6.1.4.1.3401.8.2.20
NAME 'pgpSubKeyID'
- DESC 'Sub-key ID(s) of the PGP key.'
+ DESC 'OpenPGP long Subkey ID(s) of the PGP key.'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-# A hin on the keysize.
+# A hint on the keysize.
olcAttributeTypes: {13}(
1.3.6.1.4.1.3401.8.2.21
NAME 'pgpKeySize'
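Review bot: The two-line comment added above `olcAttributeTypes: {12}(` is hard to parse and never says which attribute holds which id form, which is what a schema consumer needs here. I would reword it to something like `# Note: pgpSubKeyID holds the long (16 hex digit) subkey ids; there is no short-keyid attribute for subkeys, unlike pgpKeyID for the primary key.`, which also matches the "(16 hex digits)" wording used in the AD schema file. It is also worth stating in that comment that the short keyid is a search hint only, since 32-bit key ids are not collision resistant and clients should confirm a result by long id or fingerprint. The pgpKeySize definition that follows continues outside this hunk.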
@@ -169,14 +171,9 @@ olcAttributeTypes: {17}(
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-# A list of hex encoded long keyids of all subkeys.
-olcAttributeTypes: {18}(
- 1.3.6.1.4.1.11591.2.4.1.4
- NAME 'gpgSubCertID'
- DESC 'OpenPGP long subkey id'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+#
+# Note: OID 1.3.6.1.4.1.11591.2.4.1.4 is reserved
+# because it was used for short time during development.
#
#
# Used by regular LDAP servers to indicate pgp support.
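Review bot: The reservation note added here for OID 1.3.6.1.4.1.11591.2.4.1.4 has no counterpart in doc/ldap/gnupg-ldap-ad-schema.ldif, where the same attribute is dropped together with its schemaIDGUID 9AbnpaXqQR6d3S5OZomYEg==. That file's own header warns that AD schema changes cannot be reverted, so a directory that imported the 2020-12-08 revision presumably still carries gpgSubCertID, and reusing either identifier later would collide there. I would add next to the "Unused GUIDs" list in the AD file a comment such as `# Reserved (used by gpgSubCertID in revision 2020-12-08): OID 1.3.6.1.4.1.11591.2.4.1.4, GUID 9AbnpaXqQR6d3S5OZomYEg==`. Minor wording in the new comment here: "for short time" should read "for a short time".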
@@ -202,8 +199,7 @@ olcObjectClasses: {1}(
pgpUserID $ pgpKeyCreateTime $ pgpSignerID $
pgpRevoked $ pgpSubKeyID $ pgpKeySize $
pgpKeyExpireTime $ gpgFingerprint $
- gpgSubFingerprint $ gpgSubCertID $
- gpgMailbox ) )
+ gpgSubFingerprint $ gpgMailbox ) )
#
# end-of-file
#