Fwd: using gnupg with a secure ldap (ldaps) keyserver

David Shaw dshaw at jabberwocky.com
Wed Jul 28 17:33:40 CEST 2004


On Tue, Jul 27, 2004 at 05:19:08PM -0700, Sanchez the Cactus wrote:

> > > Yes, it does work with PGP on windows.  Hardcoding the context to
> > > "ou=PGP Keys,dc=company,dc=com" makes it work.  So either
> > > gpgkeys_ldap needs to know this, or the server needs to provide that
> > > information somehow.  Not sure how PGP manages to figure it out.
> > 
> > Check your slapd.conf file.  In the section for the pgp keys, there
> > should be a line that looks something like:
> > 
> >  suffix "ou=PGP Keys,dc=DOMAIN,dc=COM"
> > 
> > Does that exist?
> > 
> > Also, since it works from PGP on windows, can you check something: in
> > the PGP options dialog, click on the "servers" tab.  Double click on
> > the entry for your keyserver.  Is there anything in the "Base DN"
> > field?
> > 
> > David
> 
> The PGP "Base DN" field contains: "ou=pgp keys,dc=company,dc=com".
> I'll ask IT about the slapd.conf file.

Okay, this explains what is going on.  Both GnuPG and PGP use an LDAP
feature to autodetect where the keys are stored in a given server.
PGP has the ability to override the autodetection and force a
particular base DN to search in.  GnuPG only works with the
autodetected value.

I think the ability to override the base DN is useful, so I'll add
that to the next GnuPG release.

In the meantime, you can either arrange for the autodetection to work
properly (with 'suffix "ou=pgp keys,dc=company,dc=com"' in your
slapd.conf file), which would work for both PGP and GnuPG, or just
hardcode that as your base DN in gpgkeys_ldap.c until the next
release.

David
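The check suggested earlier in this thread (does slapd.conf carry a `suffix` equal to the Base DN the PGP client shows?) can be scripted. This is an added example, not code from the post or from GnuPG's gpgkeys_ldap; the slapd.conf excerpt in it is constructed, and the DN comparison deliberately treats the mixed case seen in the thread ("ou=PGP Keys" vs. "ou=pgp keys") as equal, as the standard ou/dc matching rules do.

```python
"""Check whether a slapd.conf advertises the PGP key base DN a client expects.

Added example, not from the mailing-list post or GnuPG.  The slapd.conf
text below is constructed for the demonstration.
"""
import shlex

# Constructed slapd.conf excerpt: one database stanza holding the PGP keys.
SAMPLE_SLAPD_CONF = """\
include   /etc/openldap/schema/core.schema
# pgp keyserver database
database  bdb
suffix    "ou=PGP Keys,dc=company,dc=com"
rootdn    "cn=Manager,ou=PGP Keys,dc=company,dc=com"
directory /var/lib/ldap/pgp
"""


def normalize_dn(dn):
    """Canonical form for comparison: attribute types and values lower-cased,
    runs of whitespace collapsed, spaces around ',' and '=' removed.
    Sufficient for the ou/dc/cn DNs in a keyserver config; it is not a full
    RFC 4514 parser (escaped commas are not handled)."""
    parts = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        parts.append(attr.strip().lower() + "=" + " ".join(value.split()).lower())
    return ",".join(parts)


def configured_suffixes(conf_text):
    """Return every 'suffix' value declared in a slapd.conf, quotes stripped."""
    suffixes = []
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        tokens = shlex.split(line)  # shell-style quoting matches slapd.conf's
        if len(tokens) > 1 and tokens[0].lower() == "suffix":
            suffixes.append(tokens[1])
    return suffixes


def suffix_matches(conf_text, expected_base_dn):
    """True if slapd.conf declares a suffix equal (as a DN) to expected_base_dn."""
    want = normalize_dn(expected_base_dn)
    return any(normalize_dn(s) == want for s in configured_suffixes(conf_text))


if __name__ == "__main__":
    # The Base DN from the PGP client's "servers" dialog, in different case.
    print(suffix_matches(SAMPLE_SLAPD_CONF, "ou=pgp keys,dc=company,dc=com"))
```

If this returns False for your server's real slapd.conf, the autodetection will not find the keys either, and adding the matching `suffix` line (or, for now, hardcoding the base DN) is the fix the post describes.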
