how to authenticate an ldaps keyserver lookup

David Shaw dshaw at jabberwocky.com
Wed Jun 7 18:59:47 CEST 2006


On Wed, Jun 07, 2006 at 04:43:35PM +0200, Ralf Hauser wrote:
> Hi,
> 
> A closed community would like to use gpg to retrieve the keys of other members. To keep the community closed and protect them from spam, they would like to query an ldap server through SSL with username password authentication.
> 
> While gpg appears to support "ldaps", I didn't see a way to communicate that username/password pair in a lookup like
> 
>    gpg --keyserver ldaps://somehost:636 --search micky
> 
> Also the --keyserver-options parameters do not appear to offer taking a password.
> 
> How can this be done with gpg?

First make sure you're using the latest version (1.4.3), then you can
do:

  keyserver ldaps://somehost binddn=xxxx bindpw=xxxx

binddn is the LDAP DN to bind to, and bindpw is the password to use.

> Furthermore, when trying to do that with apache's ldap server, it did not like the SSL it got from my gpg (http://issues.apache.org/jira/browse/DIR-185). 
> 
> Has anyone experienced the same? Any hints would be highly appreciated.

Try adding "keyserver-options debug=1" and running it again to get
some idea what GPG is seeing.

David
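
Added example, not part of the original message or of GnuPG: with `bindpw=` on the `keyserver` line, the LDAP bind password sits in plain text in the options file, so this sketch checks that the file is owner-only and that the password is not paired with an unencrypted `ldap://` URL. The function names, return codes and sample file are constructed for illustration; the config path is whatever you pass in.

```shell
#!/bin/sh
# check_bindpw_exposure FILE  (hypothetical helper, not a gpg command)
#   0 = no bindpw on an active keyserver line, or file is owner-only
#   1 = bindpw present and group/other have some access to the file
#   2 = file is not readable
check_bindpw_exposure() {
    conf=$1
    [ -r "$conf" ] || return 2
    # Only uncommented keyserver lines that carry bindpw= matter.
    if ! grep -Eq '^[[:space:]]*keyserver[[:space:]].*bindpw=' "$conf"; then
        return 0
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$conf" | cut -c5-10)
    [ "$perms" = "------" ] && return 0
    return 1
}

# bindpw_over_plain_ldap FILE  (hypothetical helper)
#   succeeds (0) if a bind password is configured for an ldap:// URL,
#   where a simple bind would cross the network without TLS.
bindpw_over_plain_ldap() {
    grep -Eq '^[[:space:]]*keyserver[[:space:]]+ldap://.*bindpw=' "$1"
}

# Demo on a constructed sample file using the line from the reply above.
demo=$(mktemp)
printf 'keyserver ldaps://somehost binddn=xxxx bindpw=xxxx\n' > "$demo"
chmod 644 "$demo"
check_bindpw_exposure "$demo" || echo "bindpw readable beyond owner: chmod 600 the file"
chmod 600 "$demo"
check_bindpw_exposure "$demo" && echo "bindpw present, file is owner-only"
bindpw_over_plain_ldap "$demo" || echo "bind password only used with ldaps://"
rm -f "$demo"
```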


