Fwd: using gnupg with a secure ldap (ldaps) keyserver

Sanchez the Cactus sanchezthecactus at yahoo.com
Tue Jul 27 19:58:12 CEST 2004

I've played around with this some more, and after editing ldap.conf to include
the line:

I can now run:
ldapsearch -h ldap.2wire.com -P3 -x -b "dc=company,dc=com"
objectClass=pgpkeyinfo -Z

successfully, and it returns the pgp keys.

Is there another step I have to take to get gpg 1.3.x to recognize the keys


--- David Shaw <dshaw at jabberwocky.com> wrote:

> On Fri, Jul 16, 2004 at 09:58:40AM -0700, Sanchez the Cactus wrote:
> > when I try with GnuPG 1.3.6 linked against OpenLDAP linked against either
> > GNUTLS or OpenSSL, i get the following error:
> > 
> > ./gpg -v --keyserver "ldaps://ldap.company.com/ou=pgp
> keys,dc=company,dc=com"
> > --search-keys keymaster
> > gpg: It is only intended for test purposes and should NOT be
> > gpg: used in a production environment or with production keys!
> > gpg: WARNING: using insecure memory!
> > gpg: please see http://www.gnupg.org/faq.html for more information
> > gpgkeys: unable to make SSL connection: not supported by the NAI LDAP
> keyserver
> > 
> > gpg: key "keymaster" not found on keyserver
> > gpg: keyserver internal error
> > gpg: keyserver search failed: keyserver error
> > 
> > 
> > 
> > is the "NAI LDAP keyserver" not supported by GnuPG, or is there some
> > other way to make GnuPG access it?
> It's not that GnuPG doesn't support it.  The keyserver itself doesn't
> support ldaps.  GnuPG supports both ldaps and ldap using TLS.  The old
> NAI keyserver supports neither.  If you want to communicate with the
> NAI keyserver, you have to turn off ldaps or TLS.
> I think there is some confusion here.  What exactly are you doing?
> That is, where did you get this server?  What software is it running?
> What do you get if you run:
>   ldapsearch -h ldap.company.com -P2 -x -b "cn=pgpServerInfo" -s base
> cn=pgpServerInfo
> David
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

Do you Yahoo!?
Yahoo! Mail - Helps protect you from nasty viruses.

More information about the Gnupg-users mailing list