
Re: OpenLDAP PGP key server



I have not approached PGP because I expected that they
would not support it. We want to use OpenLDAP because
PGP's directory is seriously vulnerable and the most
worthless piece of tripe one can imagine.

PHEW! had to get that off my chest...

Thomas, what errors/debugging info do you have? Can I
see it please?

I've compared notes with Joe Luna's posting and I
think we've both come to the same conclusion with
regard to configuration and errors.

BTW can someone recommend a debug level that could help
us narrow our problem search? I've used everything
from 4 to 256 and -d -1 seems to be the only way of
getting good information. Unfortunately it's like
trying to drink from a fire hose.



--- Thomas Vincent <tvincent@2wire.com> wrote:

> Me 2,
> Has anyone tried taking this issue up with PGP? We
> tried support, but they
> said they don't support this.
> 
> Cheers,
> Tom
> 
> 
> On 8/26/04 8:32 AM, "ray v" <rayv5n@yahoo.com> wrote:
> 
> > 
> > 
> > I'm trying to accomplish the same thing and I've run
> > into a similar problem. I put three keys on the server
> > through ldap. After which I enabled ssl and tried to
> > add more through ldaps. The error message I get is...
> > 
> > 
> > "An error has occurred: server open failed"
> > 
> > here are my logs
> > 
> > ------------------------------------------
> > Aug 26 08:27:22 corpldap02 slapd: <<< dnPrettyNormal: <cn=PGPServerInfo>, <cn=pgpserverinfo>
> > Aug 26 08:27:22 corpldap02 slapd: SRCH "cn=PGPServerInfo" 0 0    0 0 0
> > Aug 26 08:27:22 corpldap02 slapd: begin get_filter
> > Aug 26 08:27:22 corpldap02 slapd: PRESENT
> > Aug 26 08:27:22 corpldap02 slapd: ber_scanf fmt (m) ber:
> > Aug 26 08:27:22 corpldap02 slapd: ber_dump: buf=0x099838b8 ptr=0x099838de end=0x09983915 len=55
> > Aug 26 08:27:22 corpldap02 slapd:   0000:  87 0b 6f 62 6a 65 63 74  63 6c 61 73 73 30 28 04   ..objectclass0(.
> > Aug 26 08:27:22 corpldap02 slapd:   0010:  0e 62 61 73 65 4b 65 79  73 70 61 63 65 44 4e 04   .baseKeyspaceDN.
> > Aug 26 08:27:22 corpldap02 slapd:   0020:  0d 62 61 73 65 50 65 6e  64 69 6e 67 44 4e 04 07   .basePendingDN..
> > Aug 26 08:27:22 corpldap02 slapd:   0030:  76 65 72 73 69 6f 6e                               version
> > Aug 26 08:27:22 corpldap02 slapd: end get_filter 0
> > 
> > Above you see the SRCH function then afterward I get
> > an attempted write. BTW I had to go back to using
> > "database ldbm" rather than bdb because for some
> > reason the client will not work when openldap is using
> > Berkeley.
> > 
> > 
> > Aug 26 08:27:23 corpldap02 slapd: tls_write: want=74, written=74
> > Aug 26 08:27:23 corpldap02 slapd:   0000:  17 03 01 00 18 8b 62 fe  6f 9c 03 98 72 5c 09 ba   ......b.o...r\..
> > Aug 26 08:27:23 corpldap02 slapd:   0010:  3a c2 d6 2c a4 0e 12 85  a0 69 34 91 97 17 03 01   :..,.....i4.....
> > Aug 26 08:27:23 corpldap02 slapd:   0020:  00 28 63 74 cf 6b b2 55  3a d7 82 73 b2 75 c1 4f   .(ct.k.U:..s.u.O
> > Aug 26 08:27:23 corpldap02 slapd:   0030:  ec 87 6d 6b e8 30 b5 d5  dd 31 b2 78 ed 20 43 30   ..mk.0...1.x. C0
> > Aug 26 08:27:23 corpldap02 slapd:   0040:  a8 69 d2 9d 79 43 d8 48  af 70                     .i..yC.H.p
> > Aug 26 08:27:23 corpldap02 slapd: ldap_write: want=14, written=14
> > Aug 26 08:27:23 corpldap02 slapd:   0000:  30 0c 02 01 01 65 07 0a  01 00 04 00 04 00         0....e........
> > Aug 26 08:27:23 corpldap02 slapd: daemon: select: listen=6 active_threads=1 tvp=NULL
> > Aug 26 08:27:23 corpldap02 slapd: daemon: select: listen=7 active_threads=1 tvp=NULL
> > Aug 26 08:27:23 corpldap02 slapd: daemon: select: listen=8 active_threads=1 tvp=NULL
> > Aug 26 08:27:23 corpldap02 slapd: daemon: select: listen=9 active_threads=1 tvp=NULL
> > Aug 26 08:27:23 corpldap02 slapd: daemon: activity on 1 descriptors
> > Aug 26 08:27:23 corpldap02 slapd: daemon: select: listen=6 active_threads=1 tvp=NULL
> > Aug 26 08:27:23 corpldap02 slapd: daemon: select: listen=7 active_threads=1 tvp=NULL
> > Aug 26 08:27:23 corpldap02 slapd: daemon: select: listen=8 active_threads=1 tvp=NULL
> > Aug 26 08:27:23 corpldap02 slapd: daemon: select: listen=9 active_threads=1 tvp=NULL
> > Aug 26 08:27:23 corpldap02 slapd: send_ldap_result: conn=0 op=1 p=3
> > Aug 26 08:27:23 corpldap02 slapd: send_ldap_result: err=10 matched="" text=""
> > Aug 26 08:27:23 corpldap02 slapd: send_ldap_response: msgid=2 tag=101 err=32
> > Aug 26 08:27:23 corpldap02 slapd: ber_flush: 14 bytes to sd 11
> > Aug 26 08:27:23 corpldap02 slapd:   0000:  30 0c 02 01 02 65 07 0a  01 20 04 00 04 00         0....e... ....
> > Aug 26 08:27:23 corpldap02 slapd: tls_write: want=74, written=74
> > Aug 26 08:27:23 corpldap02 slapd:   0000:  17 03 01 00 18 35 88 36  57 4c a3 b5 35 ff 00 09   .....5.6WL..5...
> > Aug 26 08:27:23 corpldap02 slapd:   0010:  1e a0 5c 65 bc 36 ca c1  ca c1 3a ad 00 17 03 01   ..\e.6....:.....
> > Aug 26 08:27:23 corpldap02 slapd:   0020:  00 28 1f 0a 19 a3 88 a9  b1 0e 94 cd 17 62 21 7e   .(...........b!~
> > Aug 26 08:27:23 corpldap02 slapd:   0030:  cd 2d 85 1b 66 20 62 f3  15 08 ba 2f 7e 56 5f 58   .-..f b..../~V_X
> > Aug 26 08:27:23 corpldap02 slapd:   0040:  11 18 50 42 7e a7 10 e0  54 cc                     ..PB~...T.
> > Aug 26 08:27:23 corpldap02 slapd: ldap_write: want=14, written=14
> > Aug 26 08:27:23 corpldap02 slapd:   0000:  30 0c 02 01 02 65 07 0a  01 20 04 00 04 00         0....e... ....
> > 
> > 
> > ------------------------------------------
> > 
> > 
> > 
> > --- "Kurt D. Zeilenga" <Kurt@OpenLDAP.org> wrote:
> > 
> >> You might want to search the archives for reasons why others
> >> who came before you gave up...
> >> 
> >> Kurt
> >> 
> >> At 12:16 AM 8/26/2004, Luna, Joe wrote:
> >>> All,
> >>> 
> >>> Anyone have experience implementing a PGP key server using openldap and the
> >>> schemas provided by PGP corporation? I'm trying to get an OpenLDAP PGP key
> >>> server up and running, so far I haven't had any major issues but this one is
> >>> driving me crazy.
> >>> 
> >>> This is the deal, I can't add more than one key when sending to a 'ldaps' key
> >>> server, no not more than one at a time, one period.
> >>> 
> >>> This is the log entry for a successful key upload via an ldaps connection:
> >>> 
> >>> Aug 21 19:32:38 pgp-keyserver slapd[1352]: conn=8 fd=12 ACCEPT from
> 
=== message truncated ===
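
The two 14-byte `ldap_write` dumps in the quoted log are complete LDAP responses, so they can be decoded by hand to see what the server actually answered. The Python below is an added example, not part of the original posts: its function names are illustrative, the result-code and operation tables are a small subset of RFC 4511, and the hex strings are copied from the log above.

```python
# Added example: decode the LDAPMessage bytes slapd printed after "ldap_write".
# Function names are illustrative; the hex strings are copied from the quoted log.
RESULT_CODES = {0: "success", 10: "referral", 32: "noSuchObject"}  # subset of RFC 4511
RESPONSE_OPS = {0x61: "BindResponse", 0x65: "SearchResultDone", 0x69: "AddResponse"}
FIRST_WRITE = "30 0c 02 01 01 65 07 0a 01 00 04 00 04 00"
SECOND_WRITE = "30 0c 02 01 02 65 07 0a 01 20 04 00 04 00"

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element that starts at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("BER value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def decode_ldap_result(hex_dump):
    """Decode one LDAPMessage carrying an LDAPResult (RFC 4511 section 4.1.9)."""
    buf = bytes.fromhex(hex_dump)
    tag, message, end = read_tlv(buf, 0)
    if tag != 0x30 or end != len(buf):
        raise ValueError("not a single LDAPMessage SEQUENCE")
    tag, msgid, pos = read_tlv(message, 0)
    if tag != 0x02:
        raise ValueError("messageID is not an INTEGER")
    op, body, _ = read_tlv(message, pos)       # application tag names the operation
    tag, code, pos = read_tlv(body, 0)
    if tag != 0x0A:
        raise ValueError("resultCode is not an ENUMERATED")
    _, matched_dn, pos = read_tlv(body, pos)
    _, diagnostic, _ = read_tlv(body, pos)
    code = int.from_bytes(code, "big")
    return {"msgid": int.from_bytes(msgid, "big"), "op": RESPONSE_OPS.get(op, hex(op)),
            "code": code, "name": RESULT_CODES.get(code, "other"),
            "matched_dn": matched_dn.decode(), "text": diagnostic.decode()}

if __name__ == "__main__":
    for dump in (FIRST_WRITE, SECOND_WRITE):
        print(decode_ldap_result(dump))
```

The second response decodes to message ID 2, SearchResultDone, result code 32, which agrees with the `send_ldap_response: msgid=2 tag=101 err=32` line in the log (tag 101 is 0x65).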



		