On Fri, Aug 04, 2023 at 10:44:12AM +0000, John Scott wrote: > Hi, > > Inspired by the proprietary server at ldap.dnssek.info, I'd like to > make a slapd plugin that, when queried for a particular email address, > finds the OpenPGP keys and S/MIME certificates by doing DNS lookups > (possibly aided by DANE), and then serves them back to the requestor. > > Currently the documentation in the OpenLDAP Administrator's Guide > still needs to be written. Since not a lot of software supports DANE > right now, but a lot of programs *do* support LDAP, I think a bridge > between the two is something that could really benefit the Internet > community. Could someone steer me in the right direction on how to get > started?
Hi John, seems like you want to write an overlay that intercepts search requests and for each returned entry performs the work that you're describing. Other designs are possible. You can have a look in contrib/slapd-modules or servers/slapd/overlays to see what an overlay looks like and how it is configured. valsort overlay[0] seems like the nearest one in terms of which callbacks you might have to implement and the set up needed to get up and running. [0]. https://git.openldap.org/openldap/openldap/-/blob/master/servers/slapd/overlays/valsort.c Regards, -- Ondřej Kuzník Senior Software Engineer Symas Corporation http://www.symas.com Packaged, certified, and supported LDAP solutions powered by OpenLDAP
