Fwd: using gnupg with a secure ldap (ldaps) keyserver
Sanchez the Cactus
sanchezthecactus at yahoo.com
Wed Jul 28 00:03:55 CEST 2004
--- David Shaw <dshaw at jabberwocky.com> wrote:
> On Tue, Jul 27, 2004 at 01:59:43PM -0700, Sanchez the Cactus wrote:
>
> > # PGPServerInfo, PGP Keys, company.com
> > dn: cn=PGPServerInfo,ou=PGP Keys,dc=company,dc=com
> > cn: PGPServerInfo
> > objectClass: pgpserverinfo
> > pgpSoftware: OpenLDAP slapd
> > pgpVersion: 2.1.23.8
> > pgpBaseKeySpaceDN: ou=PGP Keys,dc=company,dc=com
>
> Interesting. What happens if you do:
>
> ldapsearch -h ldap.company.com -x -P3 -s base -b "" '(objectClass=*)' namingcontexts
>
> Now that you made the certificate change on the server, did you try
> using GnuPG again?
>
> gpg --keyserver ldap://ldap.company.com --search-keys whatever
>
> David
# extended LDIF
#
# LDAPv3
# base <> with scope base
# filter: (objectClass=*)
# requesting: namingcontexts
#
#
dn:
namingContexts: dc=company,dc=com
# search result
search: 3
result: 0 Success
# numResponses: 2
# numEntries: 1
I've been trying to debug this a little myself in gpgkeys_ldap.c from 1.3.6.
It appears that 2 things are happening:

1) The check for !real_ldap (in the if(use_ssl) block of main) is called
before find_basekeyspacedn() is called, so real_ldap is set to 0, and it prints
out the first of the two "not supported by the NAI LDAP keyserver" errors. For
now, I've just changed !real_ldap to real_ldap, but I know that's not the right
solution.

2) find_basekeyspacedn() isn't working... the call:
vals=ldap_get_values(ldap,si_res,"pgpBaseKeySpaceDN");
is returning NULL, but I haven't had a chance to look into it more yet, though
it is using the context of "dc=company,dc=com", which I think is not the right
one.

-Joe
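
The two observations in the message above, modelled in C as an added example (not code from gpgkeys_ldap.c or from the thread): a flag tested before discovery has set it always refuses, and a base-scope lookup built from the naming context misses an entry that lives under ou=PGP Keys. The in-memory directory, `model_find_keyspace`, `tls_allowed` and the assumption that the server-info entry is looked up directly beneath the supplied container are illustrative.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the directory: the PGPServerInfo entry quoted
   in the thread, stored as entry DN -> pgpBaseKeySpaceDN. */
struct entry { const char *dn; const char *keyspace; };
static const struct entry directory[] = {
    { "cn=PGPServerInfo,ou=PGP Keys,dc=company,dc=com",
      "ou=PGP Keys,dc=company,dc=com" },
};

/* Base-scope read: only an exact DN match returns the attribute. */
static const char *read_base(const char *dn)
{
    for (size_t i = 0; i < sizeof directory / sizeof directory[0]; i++)
        if (strcmp(directory[i].dn, dn) == 0)
            return directory[i].keyspace;
    return NULL;
}

/* Hypothetical model of discovery (assumption: the server-info entry is
   looked up directly beneath `container`). Sets *real_ldap on success. */
static const char *model_find_keyspace(const char *container, int *real_ldap)
{
    char dn[256];
    snprintf(dn, sizeof dn, "cn=PGPServerInfo,%s", container);
    const char *keyspace = read_base(dn);
    *real_ldap = (keyspace != NULL);
    return keyspace;
}

/* Returns 1 if an ldaps session may proceed, 0 if it is refused.
   check_first=1 tests the flag before discovery has had a chance to set it. */
int tls_allowed(const char *container, int check_first)
{
    int real_ldap = 0;
    if (check_first && !real_ldap)
        return 0;                     /* refused: flag still at its initial 0 */
    model_find_keyspace(container, &real_ldap);
    return real_ldap;
}

int main(void)
{
    const char *ctx = "dc=company,dc=com", *ou = "ou=PGP Keys,dc=company,dc=com";
    printf("check first, any container : %d\n", tls_allowed(ou, 1));
    printf("discover under %s : %d\n", ctx, tls_allowed(ctx, 0));
    printf("discover under %s : %d\n", ou, tls_allowed(ou, 0));
    return 0;
}
```

In this model, moving the flag test after discovery is what lets the secure session proceed; inverting the test would instead let it proceed for a server where discovery never ran.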
More information about the Gnupg-users
mailing list