
Re: OpenLDAP PGP key server



Hi Kurt,

I've gone back through the archives for the last 3 years;
can you be more specific than "why others who came
before you gave up...."?

If I'm to give up I'd rather not do it after wasting
the next couple of days searching for an answer that
isn't there :)

Not that I don't dig the whole eastern-mysticism thing,
it's just I have a boss to report to and time is
running out.

danke!


--- "Kurt D. Zeilenga" <Kurt@OpenLDAP.org> wrote:

> You might want to search the archives for reasons why others who came before you gave up...
> 
> Kurt
> 
> At 12:16 AM 8/26/2004, Luna, Joe wrote:
> >All,
> >
> >Anyone have experience implementing a PGP key server using openldap and the
> >schemas provided by PGP corporation? I'm trying to get an OpenLDAP PGP key
> >server up and running; so far I haven't had any major issues, but this one is
> >driving me crazy.
> >
> >This is the deal: I can't add more than one key when sending to an 'ldaps' key
> >server; no, not more than one at a time, one, period.
> >
> >This is the log entry for a successful key upload via an ldaps connection:
> >
> >Aug 21 19:32:38 pgp-keyserver slapd[1352]: conn=8 fd=12 ACCEPT from IP=192.168.254.1:1878 (IP=0.0.0.0:636)
> >Aug 21 19:32:38 pgp-keyserver slapd[1352]: conn=8 op=0 ADD dn="pgpCertID=07CADF9E0CC0E12C,ou=PGP Keys,dc=domain,dc=com"
> >Aug 21 19:32:38 pgp-keyserver slapd[1352]: conn=8 op=0 RESULT tag=105 err=0 text=
> >Aug 21 19:32:38 pgp-keyserver slapd[1352]: conn=8 op=0 RESULT tag=105 err=0 text=
> >Aug 21 19:32:38 pgp-keyserver slapd[1352]: conn=8 op=1 UNBIND
> >Aug 21 19:32:38 pgp-keyserver slapd[1352]: conn=8 fd=12 closed
> >
> >If I try to send another key, this shows up in the log:
> >
> >Aug 21 19:32:47 pgp-keyserver slapd[1352]: conn=9 fd=12 ACCEPT from IP=192.168.254.1:1879 (IP=0.0.0.0:636)
> >Aug 21 19:32:47 pgp-keyserver slapd[1352]: conn=9 op=0 SRCH base="cn=PGPServerInfo" scope=0 filter="(objectClass=*)"
> >Aug 21 19:32:47 pgp-keyserver slapd[1352]: conn=9 op=0 SRCH attr=baseKeyspaceDN basePendingDN version
> >Aug 21 19:32:47 pgp-keyserver slapd[1352]: conn=9 op=0 RESULT tag=101 err=32 text=
> >Aug 21 19:33:10 pgp-keyserver slapd[1352]: conn=9 fd=12 closed
> >
> >Notice how line 2 is a 'SRCH' instead of an 'ADD' like line 2 of the
> >successful attempt? What could be causing this? Is this a client-side issue?
> >I'm beginning to think so. So far the only thing I see to get around this is
> >to close the PGP client software and reopen it to send the second key. After
> >that key is uploaded the fun starts again: nothing else can be uploaded.
> >
> >Relevant information:
> >
> >Client OS: Windows XP Pro
> >Client Software: PGP Corporate desktop 8.1
> >LDAP Server: Fedora Core 2
> >LDAP Software: # rpm -aq | grep ldap
> >        nss_ldap-217-1
> >        openldap-devel-2.1.29-1
> >        openldap-2.1.29-1
> >        php-ldap-4.3.4-11
> >        openldap-clients-2.1.29-1
> >        openldap-servers-2.1.29-1
> >
> >[root@pgp-keyserver ]# cat /etc/openldap/slapd.conf
> >####### BEGIN #######
> >
> >include /etc/openldap/schema/core.schema
> >include /etc/openldap/schema/pgp-keyserver.schema
> >include /etc/openldap/schema/pgp-remte-prefs.schema
> >
> >TLSCipherSuite HIGH:MEDIUM:+SSLv2
> >TLSCertificateFile /etc/openldap/slapdcert.pem
> >TLSCertificateKeyFile /etc/openldap/slapdkey.pem
> >
> >pidfile /var/run/slapd.pid
> >
> >sockbuf_max_incoming    524288
> >allow   bind_v2
> >allow   update_anon
> >
> >access to dn.sub="ou=PGP Keys,dc=domain,dc=com" by peername=127.0.0.1 write by * read
> >access to dn="cn=pgpprefs,dc=domain,dc=com" by peername=127.0.0.1 write by * read
> >
> >database        bdb
> >suffix  "ou=PGP Keys,dc=domain,dc=com"
> >rootdn  "cn=Manager,ou=PGP Keys,dc=domain,dc=com"
> >rootpw  {SSHA}KHgPsXtozlpujHbD1UBn$dWxYvr07j5Z
> >
> >directory       /var/lib/ldap
> >
> >index   objectClass     eq
> >index   pgpUserID       sub,eq
> >index   pgpCertID,pgpKeyID,pgpKeyType,pgpKeyCreateTime  eq
> >index   pgpSignerID,pgpSubKeyID,pgpKeySize,pgpKeyExpireTime   eq
> >index   pgpDisabled,pgpRevoked  eq
> >index   pgpElementType  sub,eq
> >####### END #######
> >
> >I don't have much of a background with LDAP, so I hope I have provided
> >enough information. If someone knows a more appropriate list to post this to
> >please let me know.
> >
> >Thanks,
> >
> >Joe
> >
> >
> >.
> 
> 



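As an added example, not part of this thread or of OpenLDAP, here is a small Python analyser for slapd logs of the kind quoted above: it pairs each RESULT line with the operation it answers, decodes the result code (err=32 is LDAP noSuchObject), and checks whether the DN the failing operation targeted lies under the suffix from the posted slapd.conf. The sample log is the thread's op lines, re-joined to one entry per line; `RESULT_CODES`, `dn_under_suffix` and `analyse` are names chosen here.

```python
import re

# Constructed sample: the op lines of the two slapd connections quoted in the thread, rejoined one entry per line.
SAMPLE_LOG = """\
Aug 21 19:32:38 pgp-keyserver slapd[1352]: conn=8 op=0 ADD dn="pgpCertID=07CADF9E0CC0E12C,ou=PGP Keys,dc=domain,dc=com"
Aug 21 19:32:38 pgp-keyserver slapd[1352]: conn=8 op=0 RESULT tag=105 err=0 text=
Aug 21 19:32:38 pgp-keyserver slapd[1352]: conn=8 op=1 UNBIND
Aug 21 19:32:47 pgp-keyserver slapd[1352]: conn=9 op=0 SRCH base="cn=PGPServerInfo" scope=0 filter="(objectClass=*)"
Aug 21 19:32:47 pgp-keyserver slapd[1352]: conn=9 op=0 SRCH attr=baseKeyspaceDN basePendingDN version
Aug 21 19:32:47 pgp-keyserver slapd[1352]: conn=9 op=0 RESULT tag=101 err=32 text=
"""

# LDAP result codes (RFC 4511) most often seen in slapd RESULT lines.
RESULT_CODES = {0: "success", 32: "noSuchObject", 49: "invalidCredentials",
                50: "insufficientAccessRights", 53: "unwillingToPerform"}
OP_RE = re.compile(r'slapd\[\d+\]: conn=(\d+) op=(\d+) (\w+)(.*)$')

def dn_under_suffix(dn, suffix):
    # True if dn equals or lies beneath suffix (case- and space-insensitive).
    norm = lambda s: ",".join(p.strip().lower() for p in s.split(","))
    d, s = norm(dn), norm(suffix)
    return d == s or d.endswith("," + s)

def analyse(log_text, suffix):
    # Pair each RESULT with its operation; return one finding per non-zero err.
    ops, findings = {}, []   # ops: (conn, op) -> {"kind": ..., "base": ...}
    for line in log_text.splitlines():
        m = OP_RE.search(line)
        if not m:  # ACCEPT/closed lines carry no op= and are skipped
            continue
        conn, op, kind, rest = m.groups()
        key = (int(conn), int(op))
        if kind == "RESULT":
            err = int(re.search(r"err=(\d+)", rest).group(1))
            if err == 0:
                continue
            info = ops.get(key, {})
            finding = {"conn": key[0], "op": key[1], "kind": info.get("kind", "?"),
                       "err": err, "name": RESULT_CODES.get(err, "unknown")}
            if "base" in info:  # was the DN inside a served naming context?
                finding["base"] = info["base"]
                finding["base_in_suffix"] = dn_under_suffix(info["base"], suffix)
            findings.append(finding)
        elif key not in ops:  # first line of an op carries its dn=/base=
            ops[key] = {"kind": kind}
            base = re.search(r'(?:base|dn)="([^"]*)"', rest)
            if base:
                ops[key]["base"] = base.group(1)
    return findings
```

Run against the sample with the posted suffix "ou=PGP Keys,dc=domain,dc=com", it reports the single failing op: conn=9 op=0, a SRCH with base cn=PGPServerInfo, err=32 (noSuchObject), with the base outside the suffix.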