Fwd: using gnupg with a secure ldap (ldaps) keyserver

Sanchez the Cactus sanchezthecactus at yahoo.com
Wed Jul 28 01:07:50 CEST 2004

--- David Shaw <dshaw at jabberwocky.com> wrote:

> On Tue, Jul 27, 2004 at 03:03:55PM -0700, Sanchez the Cactus wrote:
> > 1) the check at for !real_ldap (in the if(use_ssl) block of main) is
> > called before find_basekeyspacedn() is called, so real_ldap is set
> > to 0, and it prints out the first of the two not supported by the
> > NAI LDAP keyserver errors.  for now, i've just changed !real_ldap to
> > real_ldap, but I know that's not the right solution.
> Yes, ignore that for now.  It's not the main problem.
> > 2) find_basekeyspacedn() isn't working...  the call:
> > vals=ldap_get_values(ldap,si_res,"pgpBaseKeySpaceDN"); is returning
> > NULL, but I haven't had a chance to look into it more yet, though it
> > is using the context of "dc=company,dc=com", which I think is not
> > the right one.
> No, it should be something like "o=PGP Keys", or at least including
> the "PGP Keys" as part of the string.  It's pretty clear what is going
> wrong, but it is not clear whether this is a problem with your LDAP
> server setup or in gpgkeys_ldap.
> I think you said this was set up by your IT dept for PGP users as
> well.  Does it work with PGP?
> David

Yes, it does work with PGP on windows.  Hardcoding the context to "ou=PGP
Keys,dc=company,dc=com" makes it work.  So either gpgkeys_ldap needs to know
this, or the server needs to provide that information somehow.  Not sure how
PGP manages to figure it out.


Do you Yahoo!?
Yahoo! Mail is new and improved - Check it out!

More information about the Gnupg-users mailing list