kidders n00b
Joined: 06 Jan 2005 Posts: 14 Location: Dublin, IE
Posted: Fri May 05, 2006 3:07 pm Post subject: gpg --send-keys (GnuPG and LDAP)
I've started learning how to store PGP keys on an LDAP server, but it hasn't taken me long to hit a brick wall. I'm having real trouble even figuring out what I'm doing wrong, never mind solving it, partly because there are so many little variations in behaviour and config syntax between versions of OpenLDAP and GnuPG.
I'm using OpenLDAP 2.2.28-r3 and GnuPG 1.4.2.2. This is what I've done so far ...
I found a PGP schema and added it to my slapd.conf:
Code:
    include /etc/openldap/schema/pgp-keyserver.schema
I created somewhere to put keys in a pre-existing database:
Code:
    dn: ou=PGP Keys,dc=EXAMPLE,dc=COM
    objectClass: organizationalUnit
    ou: PGP Keys

    dn: cn=PGPServerInfo,ou=PGP Keys,dc=EXAMPLE,dc=COM
    cn: PGPServerInfo
    objectClass: pgpServerInfo
Then I ran into trouble with gpg --send-keys. My ~/.gnupg/gpg.conf contains ...
Code:
    keyserver ldap://ldap.EXAMPLE.COM
    keyserver-options basedn="ou=PGP Keys,dc=EXAMPLE,dc=COM"
    keyserver-options binddn="cn=God,dc=EXAMPLE,dc=COM"
    keyserver-options bindpw=SECRET
... but gpg doesn't seem to try to bind and I got "Modifications require authentication" in my slapd logs. It ignores binddn & bindpw and only pays attention to basedn. One place I visited suggested that those options aren't implemented. Eventually, I resorted to several variations of ...
Code:
    allow update_anon
    access to *
        by * read
        by * write
... in an effort to get anything at all to happen, but I still can't make gpg --send-keys happy. My slapd logs show:
Code:
    slapd[9425]: conn=0 fd=11 ACCEPT from IP=192.168.4.102:60130 (IP=0.0.0.0:389)
    slapd[9428]: conn=0 op=0 MOD dn="pgpCertID=8927DF9B409C12A5,ou=PGP Keys,dc=EXAMPLE,dc=COM"
    slapd[9428]: conn=0 op=0 MOD attr=pgpDisabled pgpKeyID pgpKeyType pgpUserID pgpKeyCreateTime etc etc blah blah...
    slapd[9428]: conn=0 op=0 RESULT tag=103 err=32 text=
    slapd[9429]: conn=0 op=1 ADD dn="pgpCertID=8927DF9B409C12A5,ou=PGP Keys,dc=EXAMPLE,dc=COM"
    slapd[9429]: conn=0 op=1 RESULT tag=105 err=50 text=no write access to parent
    slapd[9429]: conn=0 fd=11 closed
I'd love to get a private mini keyserver going over LDAP with proper authentication, but I get the distinct impression I'm not fully understanding some subtlety or other in the configuration. I'd really appreciate some help.
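An added example, not part of the original post: a slapd.conf ACL that gives one dedicated bind identity write access to the PGP Keys subtree and leaves everyone else read-only. OpenLDAP uses the first "access to" directive whose target matches and, within it, the first "by" clause whose subject matches, so a rule that lists "by * read" ahead of "by * write" grants everybody read access and never reaches the write clause. The DNs are the ones quoted in the post and stand in for a real deployment.

```conf
# Added example slapd.conf fragment (not from the original post).
# Order matters twice: put this rule ABOVE any broader "access to *" rule so
# it is not shadowed, and list the most specific "by" subject first, because
# slapd stops at the first "by" clause that matches the requesting identity.
#
# The bind identity that gpg is configured to use (binddn/bindpw in gpg.conf)
# may add, modify and delete key entries under the ou, which also covers the
# "no write access to parent" check when a new pgpCertID entry is added.
# Everyone else, including anonymous binds, may only search and read keys.
access to dn.subtree="ou=PGP Keys,dc=EXAMPLE,dc=COM"
        by dn.exact="cn=God,dc=EXAMPLE,dc=COM" write
        by * read

# Everything outside the key subtree stays read-only for everyone.
# With a real bind identity holding write access, "allow update_anon" is
# not needed and is better left out.
access to *
        by * read
```

Before involving gpg, check the ACL on its own with `ldapadd -x -D "cn=God,dc=EXAMPLE,dc=COM" -W -f test.ldif` using a throwaway entry under the ou: if that succeeds while gpg --send-keys still produces err=50 in the slapd log, gpg is not binding as that identity and the ACL is not the problem. Since gpg.conf holds bindpw in clear text, keep that file readable only by its owner.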