Re: OpenLDAP PGP key server
I'm trying to accomplish the same thing and I've run into a similar problem. I put three keys on the server through ldap, after which I enabled ssl and tried to add more through ldaps. The error message I get is...
"An error has occurred: server open failed"
Here are my logs:
------------------------------------------
Aug 26 08:27:22 corpldap02 slapd: <<< dnPrettyNormal: <cn=PGPServerInfo>, <cn=pgpserverinfo>
Aug 26 08:27:22 corpldap02 slapd: SRCH "cn=PGPServerInfo" 0 0 0 0 0
Aug 26 08:27:22 corpldap02 slapd: begin get_filter
Aug 26 08:27:22 corpldap02 slapd: PRESENT
Aug 26 08:27:22 corpldap02 slapd: ber_scanf fmt (m) ber:
Aug 26 08:27:22 corpldap02 slapd: ber_dump: buf=0x099838b8 ptr=0x099838de end=0x09983915 len=55
Aug 26 08:27:22 corpldap02 slapd: 0000: 87 0b 6f 62 6a 65 63 74 63 6c 61 73 73 30 28 04 ..objectclass0(.
Aug 26 08:27:22 corpldap02 slapd: 0010: 0e 62 61 73 65 4b 65 79 73 70 61 63 65 44 4e 04 .baseKeyspaceDN.
Aug 26 08:27:22 corpldap02 slapd: 0020: 0d 62 61 73 65 50 65 6e 64 69 6e 67 44 4e 04 07 .basePendingDN..
Aug 26 08:27:22 corpldap02 slapd: 0030: 76 65 72 73 69 6f 6e version
Aug 26 08:27:22 corpldap02 slapd: end get_filter 0
Above you see the SRCH function; then afterward I get an attempted write. BTW, I had to go back to using "database ldbm" rather than bdb because for some reason the client will not work when openldap is using Berkeley.
Aug 26 08:27:23 corpldap02 slapd: tls_write: want=74, written=74
Aug 26 08:27:23 corpldap02 slapd: 0000: 17 03 01 00 18 8b 62 fe 6f 9c 03 98 72 5c 09 ba ......b.o...r\..
Aug 26 08:27:23 corpldap02 slapd: 0010: 3a c2 d6 2c a4 0e 12 85 a0 69 34 91 97 17 03 01 :..,.....i4.....
Aug 26 08:27:23 corpldap02 slapd: 0020: 00 28 63 74 cf 6b b2 55 3a d7 82 73 b2 75 c1 4f .(ct.k.U:..s.u.O
Aug 26 08:27:23 corpldap02 slapd: 0030: ec 87 6d 6b e8 30 b5 d5 dd 31 b2 78 ed 20 43 30 ..mk.0...1.x. C0
Aug 26 08:27:23 corpldap02 slapd: 0040: a8 69 d2 9d 79 43 d8 48 af 70 .i..yC.H.p
Aug 26 08:27:23 corpldap02 slapd: ldap_write: want=14, written=14
Aug 26 08:27:23 corpldap02 slapd: 0000: 30 0c 02 01 01 65 07 0a 01 00 04 00 04 00 0....e........
Aug 26 08:27:23 corpldap02 slapd: daemon: select: listen=6 active_threads=1 tvp=NULL
Aug 26 08:27:23 corpldap02 slapd: daemon: select: listen=7 active_threads=1 tvp=NULL
Aug 26 08:27:23 corpldap02 slapd: daemon: select: listen=8 active_threads=1 tvp=NULL
Aug 26 08:27:23 corpldap02 slapd: daemon: select: listen=9 active_threads=1 tvp=NULL
Aug 26 08:27:23 corpldap02 slapd: daemon: activity on 1 descriptors
Aug 26 08:27:23 corpldap02 slapd: daemon: select: listen=6 active_threads=1 tvp=NULL
Aug 26 08:27:23 corpldap02 slapd: daemon: select: listen=7 active_threads=1 tvp=NULL
Aug 26 08:27:23 corpldap02 slapd: daemon: select: listen=8 active_threads=1 tvp=NULL
Aug 26 08:27:23 corpldap02 slapd: daemon: select: listen=9 active_threads=1 tvp=NULL
Aug 26 08:27:23 corpldap02 slapd: send_ldap_result: conn=0 op=1 p=3
Aug 26 08:27:23 corpldap02 slapd: send_ldap_result: err=10 matched="" text=""
Aug 26 08:27:23 corpldap02 slapd: send_ldap_response: msgid=2 tag=101 err=32
Aug 26 08:27:23 corpldap02 slapd: ber_flush: 14 bytes to sd 11
Aug 26 08:27:23 corpldap02 slapd: 0000: 30 0c 02 01 02 65 07 0a 01 20 04 00 04 00 0....e... ....
Aug 26 08:27:23 corpldap02 slapd: tls_write: want=74, written=74
Aug 26 08:27:23 corpldap02 slapd: 0000: 17 03 01 00 18 35 88 36 57 4c a3 b5 35 ff 00 09 .....5.6WL..5...
Aug 26 08:27:23 corpldap02 slapd: 0010: 1e a0 5c 65 bc 36 ca c1 ca c1 3a ad 00 17 03 01 ..\e.6....:.....
Aug 26 08:27:23 corpldap02 slapd: 0020: 00 28 1f 0a 19 a3 88 a9 b1 0e 94 cd 17 62 21 7e .(...........b!~
Aug 26 08:27:23 corpldap02 slapd: 0030: cd 2d 85 1b 66 20 62 f3 15 08 ba 2f 7e 56 5f 58 .-..f b..../~V_X
Aug 26 08:27:23 corpldap02 slapd: 0040: 11 18 50 42 7e a7 10 e0 54 cc ..PB~...T.
Aug 26 08:27:23 corpldap02 slapd: ldap_write: want=14, written=14
Aug 26 08:27:23 corpldap02 slapd: 0000: 30 0c 02 01 02 65 07 0a 01 20 04 00 04 00 0....e... ....
------------------------------------------
--- "Kurt D. Zeilenga" <Kurt@OpenLDAP.org> wrote:
> You might want to search the archives for reasons why others
> who came before you gave up...
>
> Kurt
>
> At 12:16 AM 8/26/2004, Luna, Joe wrote:
> >All,
> >
> >Anyone have experience implementing a PGP key server using openldap and the
> >schemas provided by PGP corporation? I'm trying to get an OpenLDAP PGP key
> >server up and running; so far I haven't had any major issues, but this one is
> >driving me crazy.
> >
> >This is the deal: I can't add more than one key when sending to an 'ldaps' key
> >server, no, not more than one at a time, one period.
> >
> >This is the log entry for a successful key upload via an ldaps connection:
> >
> >Aug 21 19:32:38 pgp-keyserver slapd[1352]: conn=8 fd=12 ACCEPT from IP=192.168.254.1:1878 (IP=0.0.0.0:636)
> >Aug 21 19:32:38 pgp-keyserver slapd[1352]: conn=8 op=0 ADD dn="pgpCertID=07CADF9E0CC0E12C,ou=PGP Keys,dc=domain,dc=com"
> >Aug 21 19:32:38 pgp-keyserver slapd[1352]: conn=8 op=0 RESULT tag=105 err=0 text=
> >Aug 21 19:32:38 pgp-keyserver slapd[1352]: conn=8 op=0 RESULT tag=105 err=0 text=
> >Aug 21 19:32:38 pgp-keyserver slapd[1352]: conn=8 op=1 UNBIND
> >Aug 21 19:32:38 pgp-keyserver slapd[1352]: conn=8 fd=12 closed
> >
> >If I try to send another key, this shows up in the log:
> >
> >Aug 21 19:32:47 pgp-keyserver slapd[1352]: conn=9 fd=12 ACCEPT from IP=192.168.254.1:1879 (IP=0.0.0.0:636)
> >Aug 21 19:32:47 pgp-keyserver slapd[1352]: conn=9 op=0 SRCH base="cn=PGPServerInfo" scope=0 filter="(objectClass=*)"
> >Aug 21 19:32:47 pgp-keyserver slapd[1352]: conn=9 op=0 SRCH attr=baseKeyspaceDN basePendingDN version
> >Aug 21 19:32:47 pgp-keyserver slapd[1352]: conn=9 op=0 RESULT tag=101 err=32 text=
> >Aug 21 19:33:10 pgp-keyserver slapd[1352]: conn=9 fd=12 closed
> >
> >Notice how line 2 is a 'SRCH' instead of an 'ADD' like line 2 of the
> >successful attempt? What could be causing this? Is this a client side issue?
> >I'm beginning to think so. So far the only thing I see to get around this is
> >to close the PGP client software and reopen it to send the second key. After
> >that key is uploaded the fun starts again, nothing else can be uploaded.
> >
> >Relevant information:
> >
> >Client OS: Windows XP Pro
> >Client Software: PGP Corporate desktop 8.1
> >LDAP Server: Fedora Core 2
> >LDAP Software: # rpm -aq | grep ldap
> > nss_ldap-217-1
> > openldap-devel-2.1.29-1
> > openldap-2.1.29-1
> > php-ldap-4.3.4-11
> > openldap-clients-2.1.29-1
> > openldap-servers-2.1.29-1
> >
> >[root@pgp-keyserver ]# cat /etc/openldap/slapd.conf
> >####### BEGIN #######
> >
> >include /etc/openldap/schema/core.schema
> >include /etc/openldap/schema/pgp-keyserver.schema
> >include /etc/openldap/schema/pgp-remte-prefs.schema
> >
> >TLSCipherSuite HIGH:MEDIUM:+SSLv2
> >TLSCertificateFile /etc/openldap/slapdcert.pem
> >TLSCertificateKeyFile /etc/openldap/slapdkey.pem
> >
> >pidfile /var/run/slapd.pid
> >
> >sockbuf_max_incoming 524288
> >allow bind_v2
> >allow update_anon
> >
> >access to dn.sub="ou=PGP Keys,dc=domain,dc=com" by peername=127.0.0.1 write
> >        by * read
> >access to dn="cn=pgpprefs,dc=domain,dc=com" by peername=127.0.0.1 write
> >        by * read
> >
> >database bdb
> >suffix "ou=PGP Keys,dc=domain,dc=com"
> >rootdn "cn=Manager,ou=PGP Keys,dc=domain,dc=com"
> >rootpw {SSHA}KHgPsXtozlpujHbD1UBn$dWxYvr07j5Z
> >
> >directory /var/lib/ldap
> >
> >index objectClass eq
> >index pgpUserID sub,eq
> >index pgpCertID,pgpKeyID,pgpKeyType,pgpKeyCreateTime eq
> >index pgpSignerID,pgpSubKeyID,pgpKeySize,pgpKeyExpireTime eq
> >index pgpDisabled,pgpRevoked eq
> >index pgpElementType sub,eq
> >####### END #######
> >
> >I don't have much of a background with LDAP, so I hope I have provided
> >enough information. If someone knows a more appropriate list to post this to,
> >please let me know.
> >
> >Thanks,
> >
> >Joe
> >
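An added diagnostic helper, written for this thread and not taken from it: it pairs each slapd conn/op request with its RESULT line, reports the non-zero results, and for a SRCH checks whether the base DN falls under any configured suffix. Its sample input is Joe's failing-upload log entries re-joined one per line (constructed from the quoted text), and the suffix list is the only suffix in the quoted slapd.conf, ou=PGP Keys,dc=domain,dc=com, which cn=PGPServerInfo does not fall under; err=32 is LDAP noSuchObject (RFC 4511), and the send_ldap_result err=10 followed by err=32 in the newer log is consistent with the same base lying outside every database.

```python
import re

# LDAP resultCode values (RFC 4511) seen in the thread's logs
RESULT_CODES = {0: "success", 10: "referral", 32: "noSuchObject"}

# Constructed sample: Joe's failing second-upload log entries from the
# thread, re-joined so that each slapd entry sits on one line.
SAMPLE_LOG = """\
Aug 21 19:32:47 pgp-keyserver slapd[1352]: conn=9 fd=12 ACCEPT from IP=192.168.254.1:1879 (IP=0.0.0.0:636)
Aug 21 19:32:47 pgp-keyserver slapd[1352]: conn=9 op=0 SRCH base="cn=PGPServerInfo" scope=0 filter="(objectClass=*)"
Aug 21 19:32:47 pgp-keyserver slapd[1352]: conn=9 op=0 SRCH attr=baseKeyspaceDN basePendingDN version
Aug 21 19:32:47 pgp-keyserver slapd[1352]: conn=9 op=0 RESULT tag=101 err=32 text=
Aug 21 19:33:10 pgp-keyserver slapd[1352]: conn=9 fd=12 closed
"""

OP_RE = re.compile(r"conn=(\d+) op=(\d+) (ADD|SRCH|RESULT)(.*)")
BASE_RE = re.compile(r'base="([^"]*)"')
ERR_RE = re.compile(r"err=(\d+)")


def failed_ops(log_text, suffixes):
    """Pair each conn/op request with its RESULT and return the non-zero ones.
    For a SRCH, also flag a base that no configured suffix covers: slapd
    answers such a base with err=32 (noSuchObject), as for cn=PGPServerInfo."""
    requests = {}  # (conn, op) -> {"kind": ..., "base": ...}
    failures = []
    for line in log_text.splitlines():
        m = OP_RE.search(line)
        if not m:
            continue
        conn, op, kind, rest = int(m.group(1)), int(m.group(2)), m.group(3), m.group(4)
        key = (conn, op)
        if kind != "RESULT":
            # A SRCH is logged twice (base/scope/filter, then attrs); keep one entry per op.
            entry = requests.setdefault(key, {"kind": kind, "base": None})
            b = BASE_RE.search(rest)
            if b:
                entry["base"] = b.group(1)
            continue
        em = ERR_RE.search(rest)
        if em is None or key not in requests or int(em.group(1)) == 0:
            continue
        req, err = requests[key], int(em.group(1))
        base = req["base"]
        outside = base is not None and not any(
            base.lower().endswith(s.lower()) for s in suffixes)
        failures.append({"conn": conn, "op": op, "kind": req["kind"], "base": base,
                         "err": err, "name": RESULT_CODES.get(err, "other"),
                         "base_outside_suffix": outside})
    return failures
```

Run it over a full slapd log at loglevel 256 to list every failed operation with its base, which separates a client that asks for an entry the server never had from a write that the ACLs or the backend rejected.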