Fwd: using gnupg with a secure ldap (ldaps) keyserver
Sanchez the Cactus
sanchezthecactus at yahoo.com
Tue Jul 27 19:58:12 CEST 2004
I've played around with this some more, and after editing ldap.conf to include
I can now run:
ldapsearch -h ldap.2wire.com -P3 -x -b "dc=company,dc=com"
successfully, and it returns the pgp keys.
Is there another step I have to take to get gpg 1.3.x to recognize the keys
--- David Shaw <dshaw at jabberwocky.com> wrote:
> On Fri, Jul 16, 2004 at 09:58:40AM -0700, Sanchez the Cactus wrote:
> > when I try with GnuPG 1.3.6 linked against OpenLDAP linked against either
> > GNUTLS or OpenSSL, I get the following error:
> > ./gpg -v --keyserver "ldaps://ldap.company.com/ou=pgp
> > --search-keys keymaster
> > gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
> > gpg: It is only intended for test purposes and should NOT be
> > gpg: used in a production environment or with production keys!
> > gpg: WARNING: using insecure memory!
> > gpg: please see http://www.gnupg.org/faq.html for more information
> > gpgkeys: unable to make SSL connection: not supported by the NAI LDAP
> > gpg: key "keymaster" not found on keyserver
> > gpg: keyserver internal error
> > gpg: keyserver search failed: keyserver error
> > is the "NAI LDAP keyserver" not supported by GnuPG, or is there some
> > other way to make GnuPG access it?
> It's not that GnuPG doesn't support it. The keyserver itself doesn't
> support ldaps. GnuPG supports both ldaps and ldap using TLS. The old
> NAI keyserver supports neither. If you want to communicate with the
> NAI keyserver, you have to turn off ldaps or TLS.
> I think there is some confusion here. What exactly are you doing?
> That is, where did you get this server? What software is it running?
> What do you get if you run:
> ldapsearch -h ldap.company.com -P2 -x -b "cn=pgpServerInfo" -s base