enabling the ldap keyserver plugin on HP-UX

David Shaw dshaw@jabberwocky.com
Mon Sep 9 06:50:01 2002


On Sat, Sep 07, 2002 at 07:29:04AM -0700, David Ellement wrote:
> On 020906, at 16:58:53, David Shaw wrote
> > On Fri, Sep 06, 2002 at 11:20:15AM -0700, David Ellement wrote:
> > > On 020906, at 06:44:31, David Shaw wrote
> > > > On Wed, Sep 04, 2002 at 09:44:52PM -0700, David Ellement wrote:
> > > > > So I assume I have a bad compile of one of openssl, openldap, or
> > > > > gpgkeys_ldap.
> > > > 
> > > > Intesting.  Let's check OpenLDAP sanity.  What happens if you do:
> > > > 
> > > >   ldapsearch -h 64.94.85.200 -x -P2 '(pgpkeyid=394D0EC8)'
> > > 
> > > That appears to work:
> > 
> > Good, we're narrowing it down.  Let's try gpgkeys_ldap next.  I've
> > attached a file.  Please run it like this:
> > 
> >  gpgkeys_ldap -o output.txt ldaptest.txt
> > 
> > Let me know what happens, and if anything useful appears in output.txt
> > or on the console.  Also: what version of OpenLDAP are you using, and
> > what configure options did you use when you built it?
> 
> 
> I'm beginning to understand what is going on.  To pierce our firewall, I
> have to "socksify" some applications.  I had built a "socksified"
> version of OpenLDAP (2.1.3 for hpux from hpux.cs.utah.edu), but I hadn't
> done that gpgkeys_ldap.

Aha :)

[..]

> Things are beginning to appear to work.  However, while this works:
> 
>     gpg --keyserver ldap://64.94.85.200 --recv-keys 0xB2D7795E
> 
> if I try:
> 
>     gpg --keyserver ldap://pgp.surfnet.nl:11370 --recv-keys 0xB2D7795E
>     
> I still get the LDAP bind error.

Hmm.  Try:

     gpg --keyserver ldap://194.171.167.2:11370 --recv-keys 0xB2D7795E

If that works, then I suspect some issue with the resolver library
(194.171.167.2 == pgp.surfnet.nl).  If that doesn't work, I suspect
some issue with the surfnet keyserver running on a nonstandard LDAP
port (standard LDAP is 389).  Does your firewall allow 389 but not
11370?

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson