Fwd: using gnupg with a secure ldap (ldaps) keyserver

Sanchez the Cactus sanchezthecactus at yahoo.com
Wed Jul 28 00:03:55 CEST 2004

--- David Shaw <dshaw at jabberwocky.com> wrote:

> On Tue, Jul 27, 2004 at 01:59:43PM -0700, Sanchez the Cactus wrote:
> > # PGPServerInfo, PGP Keys, company.com
> > dn: cn=PGPServerInfo,ou=PGP Keys,dc=company,dc=com
> > cn: PGPServerInfo
> > objectClass: pgpserverinfo
> > pgpSoftware: OpenLDAP slapd
> > pgpVersion:
> > pgpBaseKeySpaceDN: ou=PGP Keys,dc=company,dc=com
> Interesting.  What happens if you do:
> ldapsearch -h ldap.company.com -x -P3 -s base -b "" '(objectClass=*)' namingcontexts
> Now that you made the certificate change on the server, did you try
> using GnuPG again?
>   gpg --keyserver ldap://ldap.company.com --search-keys whatever
> David

# extended LDIF
# LDAPv3
# base <> with scope base
# filter: (objectClass=*)
# requesting: namingcontexts

namingContexts: dc=company,dc=com

# search result
search: 3
result: 0 Success

# numResponses: 2
# numEntries: 1

I've been trying to debug this a little myself in gpgkeys_ldap.c from 1.3.6: 
it appears that 2 things are happening:

1) the check at for !real_ldap (in the if(use_ssl) block of main) is called
before find_basekeyspacedn() is called, so real_ldap is set to 0, and it prints
out the first of the two "not supported by the NAI LDAP keyserver" errors.  For
now, I've just changed !real_ldap to real_ldap, but I know that's not the right

2) find_basekeyspacedn() isn't working...  the call:
 is returning NULL, but I haven't had a chance to look into it more yet, though
it is using the context of "dc=company,dc=com", which I think is not the right

