OpenLDAP PGP key server
All,
Anyone have experience implementing a PGP key server using OpenLDAP and the
schemas provided by PGP Corporation? I'm trying to get an OpenLDAP PGP key
server up and running; so far I haven't had any major issues, but this one is
driving me crazy.
This is the deal: I can't add more than one key when sending to an 'ldaps' key
server. No, not more than one at a time; one, period.
This is the log entry for a successful key upload via an ldaps connection:
Aug 21 19:32:38 pgp-keyserver slapd[1352]: conn=8 fd=12 ACCEPT from IP=192.168.254.1:1878 (IP=0.0.0.0:636)
Aug 21 19:32:38 pgp-keyserver slapd[1352]: conn=8 op=0 ADD dn="pgpCertID=07CADF9E0CC0E12C,ou=PGP Keys,dc=domain,dc=com"
Aug 21 19:32:38 pgp-keyserver slapd[1352]: conn=8 op=0 RESULT tag=105 err=0 text=
Aug 21 19:32:38 pgp-keyserver slapd[1352]: conn=8 op=0 RESULT tag=105 err=0 text=
Aug 21 19:32:38 pgp-keyserver slapd[1352]: conn=8 op=1 UNBIND
Aug 21 19:32:38 pgp-keyserver slapd[1352]: conn=8 fd=12 closed
If I try to send another key, this shows up in the log:
Aug 21 19:32:47 pgp-keyserver slapd[1352]: conn=9 fd=12 ACCEPT from IP=192.168.254.1:1879 (IP=0.0.0.0:636)
Aug 21 19:32:47 pgp-keyserver slapd[1352]: conn=9 op=0 SRCH base="cn=PGPServerInfo" scope=0 filter="(objectClass=*)"
Aug 21 19:32:47 pgp-keyserver slapd[1352]: conn=9 op=0 SRCH attr=baseKeyspaceDN basePendingDN version
Aug 21 19:32:47 pgp-keyserver slapd[1352]: conn=9 op=0 RESULT tag=101 err=32 text=
Aug 21 19:33:10 pgp-keyserver slapd[1352]: conn=9 fd=12 closed
Notice how line 2 is a 'SRCH' instead of an 'ADD' like line 2 of the
successful attempt? What could be causing this? Is this a client-side issue?
I'm beginning to think so. So far the only thing I see to get around this is
to close the PGP client software and reopen it to send the second key. After
that key is uploaded the fun starts again: nothing else can be uploaded.
Relevant information:
Client OS: Windows XP Pro
Client Software: PGP Corporate Desktop 8.1
LDAP Server: Fedora Core 2
LDAP Software:
# rpm -aq | grep ldap
nss_ldap-217-1
openldap-devel-2.1.29-1
openldap-2.1.29-1
php-ldap-4.3.4-11
openldap-clients-2.1.29-1
openldap-servers-2.1.29-1
[root@pgp-keyserver ]# cat /etc/openldap/slapd.conf
####### BEGIN #######
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/pgp-keyserver.schema
include /etc/openldap/schema/pgp-remte-prefs.schema
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCertificateFile /etc/openldap/slapdcert.pem
TLSCertificateKeyFile /etc/openldap/slapdkey.pem
pidfile /var/run/slapd.pid
sockbuf_max_incoming 524288
allow bind_v2
allow update_anon
access to dn.sub="ou=PGP Keys,dc=domain,dc=com" by peername=127.0.0.1 write by * read
access to dn="cn=pgpprefs,dc=domain,dc=com" by peername=127.0.0.1 write by * read
database bdb
suffix "ou=PGP Keys,dc=domain,dc=com"
rootdn "cn=Manager,ou=PGP Keys,dc=domain,dc=com"
rootpw {SSHA}KHgPsXtozlpujHbD1UBn$dWxYvr07j5Z
directory /var/lib/ldap
index objectClass eq
index pgpUserID sub,eq
index pgpCertID,pgpKeyID,pgpKeyType,pgpKeyCreateTime eq
index pgpSignerID,pgpSubKeyID,pgpKeySize,pgpKeyExpireTime eq
index pgpDisabled,pgpRevoked eq
index pgpElementType sub,eq
####### END #######
I don't have much of a background with LDAP, so I hope I have provided
enough information. If someone knows a more appropriate list to post this to
please let me know.
Thanks,
Joe
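An added triage script, not part of Joe's post or of OpenLDAP, that groups the slapd log lines quoted above by connection, records each operation's RESULT, and decodes the numeric fields using the standard LDAP meanings: err=32 is noSuchObject and the response tags 105 and 101 are AddResponse and SearchResultDone. The log lines embedded below are the two excerpts from the post; the function and dictionary names are my own. Run against the excerpts it shows that the first operation on conn=9 is a base-scope search for cn=PGPServerInfo that fails with noSuchObject, a DN that sits outside the suffix "ou=PGP Keys,dc=domain,dc=com" configured in the posted slapd.conf, which is the first thing a reader would want to check before blaming the client.

```python
import re

# Log excerpts quoted in the post above (conn=8 succeeded, conn=9 did not).
LOG_LINES = """\
Aug 21 19:32:38 pgp-keyserver slapd[1352]: conn=8 fd=12 ACCEPT from IP=192.168.254.1:1878 (IP=0.0.0.0:636)
Aug 21 19:32:38 pgp-keyserver slapd[1352]: conn=8 op=0 ADD dn="pgpCertID=07CADF9E0CC0E12C,ou=PGP Keys,dc=domain,dc=com"
Aug 21 19:32:38 pgp-keyserver slapd[1352]: conn=8 op=0 RESULT tag=105 err=0 text=
Aug 21 19:32:38 pgp-keyserver slapd[1352]: conn=8 op=1 UNBIND
Aug 21 19:32:38 pgp-keyserver slapd[1352]: conn=8 fd=12 closed
Aug 21 19:32:47 pgp-keyserver slapd[1352]: conn=9 fd=12 ACCEPT from IP=192.168.254.1:1879 (IP=0.0.0.0:636)
Aug 21 19:32:47 pgp-keyserver slapd[1352]: conn=9 op=0 SRCH base="cn=PGPServerInfo" scope=0 filter="(objectClass=*)"
Aug 21 19:32:47 pgp-keyserver slapd[1352]: conn=9 op=0 SRCH attr=baseKeyspaceDN basePendingDN version
Aug 21 19:32:47 pgp-keyserver slapd[1352]: conn=9 op=0 RESULT tag=101 err=32 text=
Aug 21 19:33:10 pgp-keyserver slapd[1352]: conn=9 fd=12 closed
""".splitlines()

# Standard LDAP result codes (RFC 4511) that matter most when triaging slapd logs.
RESULT_CODES = {0: "success", 32: "noSuchObject", 49: "invalidCredentials",
                50: "insufficientAccessRights", 53: "unwillingToPerform",
                68: "entryAlreadyExists"}
# slapd prints the BER application tag of the response PDU: 0x60 + protocol op number.
RESPONSE_TAGS = {97: "BindResponse", 101: "SearchResultDone", 103: "ModifyResponse",
                 105: "AddResponse", 107: "DelResponse"}

LINE_RE = re.compile(r'slapd\[\d+\]: conn=(?P<conn>\d+) (?P<rest>.*)$')
ACCEPT_RE = re.compile(r'fd=\d+ ACCEPT from IP=(?P<peer>\S+)')
RESULT_RE = re.compile(r'op=(?P<op>\d+) RESULT tag=(?P<tag>\d+) err=(?P<err>\d+)')
OP_RE = re.compile(r'op=(?P<op>\d+) (?P<kind>[A-Z]+)(?: (?P<detail>.*))?$')


def parse_slapd_log(lines):
    """Group slapd lines by conn number: {conn: {"peer": str|None, "ops": {op: {...}}}}."""
    conns = {}
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not a per-connection slapd line
        entry = conns.setdefault(int(m.group("conn")), {"peer": None, "ops": {}})
        rest = m.group("rest")
        a = ACCEPT_RE.match(rest)
        if a:
            entry["peer"] = a.group("peer")
            continue
        r = RESULT_RE.match(rest)  # must be tried before OP_RE, which would also match RESULT
        if r:
            op = entry["ops"].setdefault(int(r.group("op")), {"kind": None, "details": [], "result": None})
            tag, err = int(r.group("tag")), int(r.group("err"))
            op["result"] = {"tag": tag, "tag_name": RESPONSE_TAGS.get(tag, "unknown"),
                            "err": err, "err_name": RESULT_CODES.get(err, "unknown")}
            continue
        o = OP_RE.match(rest)
        if o:
            op = entry["ops"].setdefault(int(o.group("op")), {"kind": None, "details": [], "result": None})
            if op["kind"] is None:
                op["kind"] = o.group("kind")  # first line names the op; later lines (e.g. SRCH attr=) extend it
            if o.group("detail"):
                op["details"].append(o.group("detail"))
    return conns


def first_op_kinds(conns):
    """Map each connection to the kind of its first operation (op=0), or None."""
    return {c: e["ops"].get(0, {}).get("kind") for c, e in conns.items()}


def failed_ops(conns):
    """Return (conn, op, kind, err_name) for every operation whose RESULT was not success."""
    out = []
    for conn in sorted(conns):
        for opnum in sorted(conns[conn]["ops"]):
            op = conns[conn]["ops"][opnum]
            if op["result"] and op["result"]["err"] != 0:
                out.append((conn, opnum, op["kind"], op["result"]["err_name"]))
    return out


if __name__ == "__main__":
    conns = parse_slapd_log(LOG_LINES)
    for conn, kind in sorted(first_op_kinds(conns).items()):
        print(f"conn={conn} peer={conns[conn]['peer']} first op: {kind}")
    for conn, opnum, kind, name in failed_ops(conns):
        detail = "; ".join(conns[conn]["ops"][opnum]["details"])
        print(f"conn={conn} op={opnum} {kind} failed with {name}: {detail}")
```

The script reads the log from the embedded string so it runs offline; pointing it at a real slapd log (one line per entry, loglevel stats as in the post) is a matter of passing the file's lines to parse_slapd_log.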