Help setting gpgsm to do LDAP lookup

John Scott jscott at posteo.net
Thu May 28 06:33:16 CEST 2020


On Monday, May 18, 2020 2:53:55 AM EDT Werner Koch wrote:
> On Sat, 16 May 2020 23:24, John Scott said:
>> Looking up recipients with both dirmngr-client and
>> gpgsm --verbose --list-external-keys [recipient]
>> are fruitless whether I drop the ads\ from my username or not. I've bumped
>> the ldaptimeout to 25. Still both commands finish instantaneously
> I just did a quick test using
> 
>   ldap.pca.dfn.de::::o=DFN-Verein,c=DE:ldap
> 
> which works as expected.  It has no username and password, though.
> To better debug this you should add
> 
> --8<---------------cut here---------------start------------->8---
> verbose
> log-file socket://
> debug ipc,lookup,extprog
> no-use-tor
> --8<---------------cut here---------------end--------------->8---
> [...]
> Look at the log file while running these commands; hopefully you see an
> error message.
Thank you. The extra logging and options didn't reveal anything insightful to 
me (attached). I've also adjusted the credentials after getting help in my 
organization.

I notice that if I use a non-SSL port like 389 or 3268—which I'm not sure they 
support the use of, I think they might require non-opportunistic TLS—I get an 
"S PROGRESS TICK ? 0 0" message and Dirmngr takes its time before calling it 
quits.

On the other hand using 636 or 3269 Dirmngr seems to not try and gets the log. 
The URI says only ldap://, can/could/should I specify TLS?
-------------- next part --------------
  4 - 2020-05-27 21:05:29 dirmngr[348691.6]: DBG: chan_6 <- lookup foobar
  4 - 2020-05-27 21:05:29 dirmngr[348691.6]: DBG: cmd_lookup: trying ads.foo.com:636 base=ou=Accounts,dc=ads,dc=foo,dc=com
  4 - 2020-05-27 21:05:29 dirmngr[348691.6]: DBG: ldap wrapper 348782 started (0x00007fae80005e10, /usr/lib/gnupg/dirmngr_ldap)
  4 - 2020-05-27 21:05:29 dirmngr[348691.6]: DBG: reader_callback: fp[0] stream=0x00007fae800024d0 want=1
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap-reaper: next run (count=1 size=1, timeout=2000)
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap-reaper: fp[0] stream=0x00007fae80005d90 want=1
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap-reaper: fp[0] stream=0x00007fae80005d90 r=1 r------
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: dirmngr_ldap[348782]: processing url 'ldap:///ou%3DAccounts,dc%3Dads,dc%3Dfoo,dc%3Dcom?userCertificate,caCertificate,x509caCert?sub?(%7C(sn%3D*foobar*)(%7C(cn%3D*foobar*)(mail%3D*foobar*)))'
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: dirmngr_ldap[348782]:           user 'jscott at foo.com'
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap-reaper: next run (count=1 size=1, timeout=1996)
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap-reaper: fp[0] stream=0x00007fae80005d90 want=1
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap-reaper: fp[0] stream=0x00007fae80005d90 r=1 r------
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: dirmngr_ldap[348782]:           pass '*****'
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: dirmngr_ldap[348782]:           host 'ads.foo.com'
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: dirmngr_ldap[348782]:           port 636
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: dirmngr_ldap[348782]:             DN 'ou=Accounts,dc=ads,dc=foo,dc=com'
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap-reaper: next run (count=1 size=1, timeout=1996)
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap-reaper: fp[0] stream=0x00007fae80005d90 want=1
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap-reaper: fp[0] stream=0x00007fae80005d90 r=1 r------
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap-reaper: next run (count=1 size=1, timeout=1996)
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap-reaper: fp[0] stream=0x00007fae80005d90 want=1
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap-reaper: fp[0] stream=0x00007fae80005d90 r=1 r------
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap-reaper: next run (count=1 size=1, timeout=1940)
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap-reaper: fp[0] stream=0x00007fae80005d90 want=1
  4 - 2020-05-27 21:05:29 dirmngr[348691.6]: DBG: reader_callback: fp[0] stream=0x00007fae800024d0 r=1 r------
  4 - 2020-05-27 21:05:29 dirmngr[348691.6]: DBG: releasing ldap worker c=0x00007fae800055f0 pid=348782/348782 rdr=0x00007fae80005e10 ctrl=0x00007fae80000ba0/1
  4 - 2020-05-27 21:05:29 dirmngr[348691.6]: DBG: cmd_lookup: no data
  4 - 2020-05-27 21:05:29 dirmngr[348691.6]: DBG: cmd_lookup: trying ads.foo.com:636 base=ou=Accounts,dc=ads,dc=foo,dc=com
  4 - 2020-05-27 21:05:29 dirmngr[348691.6]: DBG: ldap wrapper 348783 started (0x00007fae80006350, /usr/lib/gnupg/dirmngr_ldap)
  4 - 2020-05-27 21:05:29 dirmngr[348691.6]: DBG: reader_callback: fp[0] stream=0x00007fae800024d0 want=1
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap-reaper: fp[0] stream=0x00007fae80005d90 r=1 r------
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: dirmngr_ldap[348782]:         filter '(|(sn=*foobar
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: ldap wrapper 348782 ready: exitcode=1
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap worker stati:
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG:   c=0x00007fae80005e10 pid=348783/348783 rdr=0x00007fae80006350 logfp=0x00007fae800062d0 ctrl=0x00007fae80000ba0/1 la=1590627929 rdy=0
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG:   c=0x00007fae800055f0 pid=-1/348782 rdr=0x0000000000000000 logfp=0x0000000000000000 ctrl=0x0000000000000000/0 la=1590627929 rdy=1
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap-reaper: next run (count=1 size=1, timeout=1939)
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap-reaper: fp[0] stream=0x00007fae800062d0 want=1
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap-reaper: fp[0] stream=0x00007fae800062d0 r=1 r------
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: dirmngr_ldap[348783]: processing url 'ldap:///ou%3DAccounts,dc%3Dads,dc%3Dfoo,dc%3Dcom?userCertificate,caCertificate,x509caCert?sub?(%7C(sn%3D*foobar*)(%7C(cn%3D*foobar*)(mail%3D*foobar*)))'
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: dirmngr_ldap[348783]:           user 'jscott at foo.com'
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap-reaper: next run (count=1 size=1, timeout=1935)
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap-reaper: fp[0] stream=0x00007fae800062d0 want=1
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap-reaper: fp[0] stream=0x00007fae800062d0 r=1 r------
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: dirmngr_ldap[348783]:           pass '*****'
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: dirmngr_ldap[348783]:           host 'ads.foo.com'
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: dirmngr_ldap[348783]:           port 636
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: dirmngr_ldap[348783]:             DN 'ou=Accounts,dc=ads,dc=foo,dc=com'
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap-reaper: next run (count=1 size=1, timeout=1935)
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap-reaper: fp[0] stream=0x00007fae800062d0 want=1
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap-reaper: fp[0] stream=0x00007fae800062d0 r=1 r------
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap-reaper: next run (count=1 size=1, timeout=1935)
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap-reaper: fp[0] stream=0x00007fae800062d0 want=1
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap-reaper: fp[0] stream=0x00007fae800062d0 r=1 r------
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap-reaper: next run (count=1 size=1, timeout=1889)
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap-reaper: fp[0] stream=0x00007fae800062d0 want=1
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap-reaper: fp[0] stream=0x00007fae800062d0 r=1 r------
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap-reaper: next run (count=1 size=1, timeout=1889)
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap-reaper: fp[0] stream=0x00007fae800062d0 want=1
  4 - 2020-05-27 21:05:29 dirmngr[348691.6]: DBG: reader_callback: fp[0] stream=0x00007fae800024d0 r=1 r------
  4 - 2020-05-27 21:05:29 dirmngr[348691.6]: DBG: releasing ldap worker c=0x00007fae80005e10 pid=348783/348783 rdr=0x00007fae80006350 ctrl=0x00007fae80000ba0/1
  4 - 2020-05-27 21:05:29 dirmngr[348691.6]: DBG: cmd_lookup: no data
  4 - 2020-05-27 21:05:29 dirmngr[348691.6]: command 'LOOKUP' failed: No data
  4 - 2020-05-27 21:05:29 dirmngr[348691.6]: DBG: chan_6 -> ERR 167772218 No data <Dirmngr>
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap-reaper: fp[0] stream=0x00007fae800062d0 r=1 r------
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: dirmngr_ldap[348783]:         filter '(|(sn=*fooba
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: ldap wrapper 348783 ready: exitcode=1
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap worker stati:
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG:   c=0x00007fae80005e10 pid=-1/348783 rdr=0x0000000000000000 logfp=0x0000000000000000 ctrl=0x0000000000000000/0 la=1590627929 rdy=1
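
One way to condense a log like the attachment above, added here as an example and not part of the original message or of GnuPG: it groups the dirmngr_ldap wrapper lines by process ID and flags an ldap: URL used on ports 636/3269, the conventional TLS-from-connect ports. The function name, the port sets and the finding strings are assumptions of this example; the sample lines are copied from the attached log with timestamps trimmed.

```python
import re

# Lines copied from the log attached to the message (timestamps trimmed).
SAMPLE_LOG = """\
dirmngr[348691.6]: DBG: ldap wrapper 348782 started (0x00007fae80005e10, /usr/lib/gnupg/dirmngr_ldap)
dirmngr[348691.0]: dirmngr_ldap[348782]: processing url 'ldap:///ou%3DAccounts,dc%3Dads,dc%3Dfoo,dc%3Dcom?userCertificate,caCertificate,x509caCert?sub?(%7C(sn%3D*foobar*)(%7C(cn%3D*foobar*)(mail%3D*foobar*)))'
dirmngr[348691.0]: dirmngr_ldap[348782]:           user 'jscott at foo.com'
dirmngr[348691.0]: dirmngr_ldap[348782]:           host 'ads.foo.com'
dirmngr[348691.0]: dirmngr_ldap[348782]:           port 636
dirmngr[348691.0]: ldap wrapper 348782 ready: exitcode=1
"""

IMPLICIT_TLS_PORTS = {636, 3269}  # LDAPS and AD Global Catalog over TLS
PLAIN_PORTS = {389, 3268}         # LDAP / Global Catalog without implicit TLS

# The password line is deliberately not captured.
FIELD = re.compile(r"dirmngr_ldap\[(\d+)\]:\s+(?:processing\s+)?"
                   r"(url|user|host|port)\s+'?(.*?)'?\s*$")
EXIT = re.compile(r"ldap wrapper (\d+) ready: exitcode=(\d+)")


def summarize(log_text):
    """Group dirmngr_ldap wrapper lines by pid and attach findings."""
    wrappers = {}
    for line in log_text.splitlines():
        m = FIELD.search(line)
        if m:
            pid, key, value = m.groups()
            wrappers.setdefault(pid, {})[key] = value
            continue
        m = EXIT.search(line)
        if m:
            wrappers.setdefault(m.group(1), {})["exitcode"] = int(m.group(2))
    for info in wrappers.values():
        port = int(info.get("port", 0))
        scheme = info.get("url", "").split(":", 1)[0]
        findings = []
        if scheme == "ldap" and port in IMPLICIT_TLS_PORTS:
            findings.append("ldap: URL scheme on implicit-TLS port")
        if "user" in info and port in PLAIN_PORTS:
            findings.append("bind user set on a port without implicit TLS")
        if info.get("exitcode", 0) != 0:
            findings.append("wrapper exited with code %d" % info["exitcode"])
        info["findings"] = findings
    return wrappers


if __name__ == "__main__":
    for pid, info in summarize(SAMPLE_LOG).items():
        print(pid, info.get("host"), info.get("port"), info["findings"])
```
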