enabling the ldap keyserver plugin on HP-UX
David Ellement
ellement@sdd.hp.com
Sat Sep 7 16:28:01 2002
On 020906, at 16:58:53, David Shaw wrote
> On Fri, Sep 06, 2002 at 11:20:15AM -0700, David Ellement wrote:
> > On 020906, at 06:44:31, David Shaw wrote
> > > On Wed, Sep 04, 2002 at 09:44:52PM -0700, David Ellement wrote:
> > > > So I assume I have a bad compile of one of openssl, openldap, or
> > > > gpgkeys_ldap.
> > >
> > > Interesting. Let's check OpenLDAP sanity. What happens if you do:
> > >
> > > ldapsearch -h 64.94.85.200 -x -P2 '(pgpkeyid=394D0EC8)'
> >
> > That appears to work:
>
> Good, we're narrowing it down. Let's try gpgkeys_ldap next. I've
> attached a file. Please run it like this:
>
> gpgkeys_ldap -o output.txt ldaptest.txt
>
> Let me know what happens, and if anything useful appears in output.txt
> or on the console. Also: what version of OpenLDAP are you using, and
> what configure options did you use when you built it?

I'm beginning to understand what is going on. To pierce our firewall, I
have to "socksify" some applications. I had built a "socksified"
version of OpenLDAP (2.1.3 for hpux from hpux.cs.utah.edu), but I hadn't
done that for gpgkeys_ldap.

In the process of debugging, I rebuilt openssl and openldap with and
without "socksifying". Without "socks", the ldapsearch sanity check
above gave the same error I saw with gpgkeys_ldap.

I've built a socks version of gpgkeys_ldap. For the test above,
output.txt is:

    VERSION 0
    PROGRAM 1.0.7
    SEARCH prz@mit.edu BEGIN
    COUNT 1
    C7463639B2D7795E:Philip R. Zimmermann <prz@mit.edu>:0:978671783::1012552348:DSS/DH:3072
    SEARCH prz@mit.edu END

Things are beginning to appear to work. However, while this works:

    gpg --keyserver ldap://64.94.85.200 --recv-keys 0xB2D7795E

if I try:

    gpg --keyserver ldap://pgp.surfnet.nl:11370 --recv-keys 0xB2D7795E

I still get the LDAP bind error.

--
David Ellement