Using LDAP keyservers with gpg 2.1.11

Philip Colmer philip.colmer at linaro.org
Mon Apr 11 15:43:10 CEST 2016


OK ... I've done some more digging.

The command

KEYSERVER --clear

was failing because it doesn't like the embedded username and
password, i.e. it only works if the configuration just specifies
ldaps://login.linaro.org.

So, stripping the username and password out gets *that* bit of the
code to work but ultimately fails when the code tries to send the key
because it no longer has any authentication information.

How/where am I supposed to specify the username and password? I've
tried specifying:

keyserver-options binddn="uid=user1,ou=PGP Keys,dc=EXAMPLE,dc=ORG"
keyserver-options bindpw=PASSWORD

which is what https://wiki.gnupg.org/LDAPKeyserver suggests, but the
software complains they are unrecognised; I suspect that gnupg 2.1
removed those but it isn't clear if they got replaced by something
else.

Thanks.

Philip


On 8 April 2016 at 12:19, Philip Colmer <philip.colmer at linaro.org> wrote:
> On 8 April 2016 at 11:55, Kristian Fiskerstrand
> <kristian.fiskerstrand at sumptuouscapital.com> wrote:
>>>> is ldap listed as a schema when doing KEYSERVER --help ? you can
>>>> also check if ldd /usr/bin/dirmngr shows a linkage to libldap
>
> Thanks for this suggestion. dirmngr wasn't listing ldap, so I've
> installed the extra bits, rebuilt and now it is.
>
> However, unfortunately, now --send-key breaks earlier than it did :(
>
> gpg: enabled debug flags: packet mpi crypto filter iobuf memory cache
> memstat trust hashing cardio ipc clock lookup extprog
> gpg: DBG: [not enabled in the source] start
> gpg: DBG: chan_3 <- # Home: /home/ubuntu/.gnupg
> gpg: DBG: chan_3 <- # Config: /home/ubuntu/.gnupg/dirmngr.conf
> gpg: DBG: chan_3 <- OK Dirmngr 2.1.11 at your service
> gpg: DBG: connection to the dirmngr established
> gpg: DBG: chan_3 -> GETINFO version
> gpg: DBG: chan_3 <- D 2.1.11
> gpg: DBG: chan_3 <- OK
> gpg: DBG: chan_3 -> KEYSERVER --clear ldaps://<DN>:<password>@login.linaro.org?dc=linaro,dc=org
> gpg: DBG: chan_3 <- ERR 167772161 General error <Dirmngr>
> gpg: no keyserver known
> gpg: keyserver send failed: No keyserver available
> gpg: DBG: chan_3 -> BYE
> gpg: DBG: [not enabled in the source] stop
>
> This used to be the output ...
>
> gpg: DBG: [not enabled in the source] start
> gpg: DBG: chan_3 <- # Home: /home/ubuntu/.gnupg
> gpg: DBG: chan_3 <- # Config: /home/ubuntu/.gnupg/dirmngr.conf
> gpg: DBG: chan_3 <- OK Dirmngr 2.1.11 at your service
> gpg: DBG: chan_4 <- # Home: /home/ubuntu/.gnupg
> gpg: DBG: chan_4 <- # Config: /home/ubuntu/.gnupg/dirmngr.conf
> gpg: DBG: chan_4 <- OK Dirmngr 2.1.11 at your service
> gpg: DBG: connection to the dirmngr established
> gpg: DBG: chan_4 -> GETINFO version
> gpg: DBG: chan_4 <- D 2.1.11
> gpg: DBG: chan_4 <- OK
> gpg: DBG: chan_4 -> KEYSERVER --clear ldaps://<DN>:<password>@login.linaro.org
> gpg: DBG: chan_4 <- OK
> gpg: DBG: chan_4 -> KEYSERVER
> gpg: DBG: chan_4 <- S KEYSERVER ldaps://uid=<DN>:<password>@login.linaro.org
> gpg: DBG: chan_4 <- OK
> gpg: DBG: [not enabled in the source] keydb_new
> gpg: DBG: [not enabled in the source] keydb_search enter
>
> Regards
>
> Philip
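The two forms of the keyserver line in this thread differ only in whether the bind DN and password are embedded in the URL's userinfo. The following is an added example, not code from GnuPG or from anyone in the thread, and it does not claim how dirmngr 2.1.11 expects LDAP credentials to be supplied (the thread leaves that open). It shows the defender's side of the problem: splitting a keyserver URL whose userinfo is an LDAP DN (commas, spaces and '=' make urllib's parser unsuitable), flagging configuration lines that carry a password, producing the credential-free form the thread reports KEYSERVER --clear accepts, and redacting the password from `gpg --debug-all` output before it is pasted into a mailing-list post. The configuration excerpt, the debug line, the DN, the password and the `hkps://keys.example.org` host are all constructed placeholders.

```python
"""Audit gpg/dirmngr keyserver lines for credentials embedded in the URL and
redact such credentials from debug output.  Added example for this thread; it is
not GnuPG code and does not claim how dirmngr 2.1.11 expects LDAP credentials."""
import re

# Constructed dirmngr.conf excerpt.  The DN and password are placeholders that
# mirror the form discussed in the thread, not real credentials.
SAMPLE_CONF = """\
# constructed sample, not a real configuration
keyserver ldaps://uid=user1,ou=PGP Keys,dc=EXAMPLE,dc=ORG:PASSWORD@login.linaro.org?dc=linaro,dc=org
keyserver hkps://keys.example.org
"""

# Constructed debug line in the shape gpg --debug-all prints (see the thread).
SAMPLE_DEBUG_LINE = ("gpg: DBG: chan_3 -> KEYSERVER --clear "
                     "ldaps://<DN>:<password>@login.linaro.org?dc=linaro,dc=org")

# scheme://user:password@host... with a lazy user part so that a DN containing
# commas, spaces and '=' is still split at the first ':' before the '@'.
CRED_URL_RE = re.compile(
    r"(?P<scheme>ldaps?://)(?P<user>[^/@]+?):(?P<pw>[^/@]+)@(?P<host>[^\s/?]+)")


def split_keyserver_url(url):
    """Split a keyserver URL into scheme, userinfo, host[:port], path and query.

    A hand-rolled split is used instead of urllib.parse because an LDAP bind DN
    in the userinfo is not a valid URL username.  A '/' or '?' inside the DN or
    password is not supported by this simple splitter.
    """
    scheme, sep, rest = url.partition("://")
    if not sep:
        raise ValueError(f"not a URL: {url!r}")
    authority, _, query = rest.partition("?")        # query after the first '?'
    authority, slash, path = authority.partition("/")  # path after the first '/'
    userinfo, at, hostport = authority.rpartition("@")
    binddn = bindpw = None
    if at:
        binddn, colon, bindpw = userinfo.partition(":")
        if not colon:
            bindpw = None
    return {
        "scheme": scheme.lower(),
        "hostport": hostport,
        "path": (slash + path) if slash else "",
        "query": query,
        "binddn": binddn,
        "bindpw": bindpw,
    }


def stripped_url(parts):
    """Rebuild the URL without userinfo (the form the thread reports that
    KEYSERVER --clear accepts)."""
    url = f"{parts['scheme']}://{parts['hostport']}{parts['path']}"
    if parts["query"]:
        url += "?" + parts["query"]
    return url


def audit_keyserver_lines(conf_text):
    """Return one finding per 'keyserver' line: whether it embeds a password,
    the bind DN found (if any), and the credential-free URL."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        if key != "keyserver":
            continue
        parts = split_keyserver_url(value.strip())
        findings.append({
            "line": lineno,
            "url": value.strip(),
            "has_credentials": parts["bindpw"] is not None,
            "binddn": parts["binddn"],
            "stripped": stripped_url(parts),
        })
    return findings


def redact_credentials(text):
    """Replace the password in any scheme://user:pw@host occurrence with '***',
    for pasting debug output into a mailing-list post or a ticket."""
    return CRED_URL_RE.sub(
        lambda m: f"{m.group('scheme')}{m.group('user')}:***@{m.group('host')}",
        text)


if __name__ == "__main__":
    for f in audit_keyserver_lines(SAMPLE_CONF):
        flag = "PASSWORD EMBEDDED" if f["has_credentials"] else "ok"
        print(f"line {f['line']}: {flag}; binddn={f['binddn']!r}; "
              f"stripped={f['stripped']}")
    print(redact_credentials(SAMPLE_DEBUG_LINE))
```

Run against a real dirmngr.conf or gpg.conf, `audit_keyserver_lines` tells you which lines would put a bind password into a world-readable-by-mistake config file and into every `--debug-all` trace, and `redact_credentials` is the filter to pass such a trace through before sharing it.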
