Fwd: using gnupg with a secure ldap (ldaps) keyserver

David Shaw dshaw at jabberwocky.com
Fri Jul 16 20:48:10 CEST 2004

On Fri, Jul 16, 2004 at 09:58:40AM -0700, Sanchez the Cactus wrote:

> When I try with GnuPG 1.3.6 linked against OpenLDAP linked against either
> GNUTLS or OpenSSL, I get the following error:
> ./gpg -v --keyserver "ldaps://ldap.company.com/ou=pgp keys,dc=company,dc=com"
> --search-keys keymaster
> gpg: It is only intended for test purposes and should NOT be
> gpg: used in a production environment or with production keys!
> gpg: WARNING: using insecure memory!
> gpg: please see http://www.gnupg.org/faq.html for more information
> gpgkeys: unable to make SSL connection: not supported by the NAI LDAP keyserver
> gpg: key "keymaster" not found on keyserver
> gpg: keyserver internal error
> gpg: keyserver search failed: keyserver error
> Is the "NAI LDAP keyserver" not supported by GnuPG, or is there some
> other way to make GnuPG access it?

It's not that GnuPG doesn't support it.  The keyserver itself doesn't
support ldaps.  GnuPG supports both ldaps and ldap using TLS.  The old
NAI keyserver supports neither.  If you want to communicate with the
NAI keyserver, you have to turn off ldaps or TLS.

I think there is some confusion here.  What exactly are you doing?
That is, where did you get this server?  What software is it running?
What do you get if you run:

  ldapsearch -h ldap.company.com -P2 -x -b "cn=pgpServerInfo" -s base cn=pgpServerInfo

