enabling the ldap keyserver plugin on HP-UX

David Ellement ellement at sdd.hp.com
Sat Sep 7 17:28:01 CEST 2002


On 020906, at 16:58:53, David Shaw wrote
> On Fri, Sep 06, 2002 at 11:20:15AM -0700, David Ellement wrote:
> > On 020906, at 06:44:31, David Shaw wrote
> > > On Wed, Sep 04, 2002 at 09:44:52PM -0700, David Ellement wrote:
> > > > So I assume I have a bad compile of one of openssl, openldap, or
> > > > gpgkeys_ldap.
> > > 
> > > Intesting.  Let's check OpenLDAP sanity.  What happens if you do:
> > > 
> > >   ldapsearch -h 64.94.85.200 -x -P2 '(pgpkeyid=394D0EC8)'
> > 
> > That appears to work:
> 
> Good, we're narrowing it down.  Let's try gpgkeys_ldap next.  I've
> attached a file.  Please run it like this:
> 
>  gpgkeys_ldap -o output.txt ldaptest.txt
> 
> Let me know what happens, and if anything useful appears in output.txt
> or on the console.  Also: what version of OpenLDAP are you using, and
> what configure options did you use when you built it?


I'm beginning to understand what is going on.  To pierce our firewall, I
have to "socksify" some applications.  I had built a "socksified"
version of OpenLDAP (2.1.3 for hpux from hpux.cs.utah.edu), but I hadn't
done that gpgkeys_ldap.

In the process of debugging, I rebuilt openssl and openldap with and
without "socksifying".  Without "socks", the ldapsearch sanity check
above gave the same error I saw gpgkeys_ldap.

I've built socks version of gpgkeys_ldap.  For the test above,
output.txt is:

    VERSION 0
    PROGRAM 1.0.7

    SEARCH prz at mit.edu BEGIN
    COUNT 1
    C7463639B2D7795E:Philip R. Zimmermann <prz at mit.edu>:0:978671783::1012552348:DSS/DH:3072
    SEARCH prz at mit.edu END


Things are beginning to appear to work.  However, while this works:

    gpg --keyserver ldap://64.94.85.200 --recv-keys 0xB2D7795E

if I try:

    gpg --keyserver ldap://pgp.surfnet.nl:11370 --recv-keys 0xB2D7795E
    
I still get the LDAP bind error.

-- 
David Ellement




More information about the Gnupg-devel mailing list