
OpenLDAP PGP key server



All,

Anyone have experience implementing a PGP key server using OpenLDAP and the
schemas provided by PGP Corporation? I'm trying to get an OpenLDAP PGP key
server up and running; so far I haven't had any major issues, but this one is
driving me crazy.

This is the deal: I can't add more than one key when sending to an 'ldaps' key
server. No, not more than one at a time; one, period.

This is the log entry for a successful key upload via an ldaps connection:

Aug 21 19:32:38 pgp-keyserver slapd[1352]: conn=8 fd=12 ACCEPT from IP=192.168.254.1:1878 (IP=0.0.0.0:636)
Aug 21 19:32:38 pgp-keyserver slapd[1352]: conn=8 op=0 ADD dn="pgpCertID=07CADF9E0CC0E12C,ou=PGP Keys,dc=domain,dc=com"
Aug 21 19:32:38 pgp-keyserver slapd[1352]: conn=8 op=0 RESULT tag=105 err=0 text=
Aug 21 19:32:38 pgp-keyserver slapd[1352]: conn=8 op=0 RESULT tag=105 err=0 text=
Aug 21 19:32:38 pgp-keyserver slapd[1352]: conn=8 op=1 UNBIND
Aug 21 19:32:38 pgp-keyserver slapd[1352]: conn=8 fd=12 closed

If I try to send another key, this shows up in the log:

Aug 21 19:32:47 pgp-keyserver slapd[1352]: conn=9 fd=12 ACCEPT from IP=192.168.254.1:1879 (IP=0.0.0.0:636)
Aug 21 19:32:47 pgp-keyserver slapd[1352]: conn=9 op=0 SRCH base="cn=PGPServerInfo" scope=0 filter="(objectClass=*)"
Aug 21 19:32:47 pgp-keyserver slapd[1352]: conn=9 op=0 SRCH attr=baseKeyspaceDN basePendingDN version
Aug 21 19:32:47 pgp-keyserver slapd[1352]: conn=9 op=0 RESULT tag=101 err=32 text=
Aug 21 19:33:10 pgp-keyserver slapd[1352]: conn=9 fd=12 closed

Notice how line 2 is a 'SRCH' instead of an 'ADD' like line 2 of the
successful attempt? What could be causing this? Is this a client-side issue?
I'm beginning to think so. So far the only thing I see to get around this is
to close the PGP client software and reopen it to send the second key. After
that key is uploaded the fun starts again: nothing else can be uploaded.

Relevant information:

Client OS: Windows XP Pro
Client Software: PGP Corporate Desktop 8.1
LDAP Server: Fedora Core 2
LDAP Software: # rpm -aq | grep ldap
	nss_ldap-217-1
	openldap-devel-2.1.29-1
	openldap-2.1.29-1
	php-ldap-4.3.4-11
	openldap-clients-2.1.29-1
	openldap-servers-2.1.29-1

[root@pgp-keyserver ]# cat /etc/openldap/slapd.conf
####### BEGIN #######

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/pgp-keyserver.schema
include /etc/openldap/schema/pgp-remte-prefs.schema

TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCertificateFile /etc/openldap/slapdcert.pem
TLSCertificateKeyFile /etc/openldap/slapdkey.pem

pidfile /var/run/slapd.pid

sockbuf_max_incoming    524288
allow   bind_v2
allow   update_anon

access to dn.sub="ou=PGP Keys,dc=domain,dc=com" by peername=127.0.0.1 write by * read
access to dn="cn=pgpprefs,dc=domain,dc=com" by peername=127.0.0.1 write by * read

database        bdb
suffix  "ou=PGP Keys,dc=domain,dc=com"
rootdn  "cn=Manager,ou=PGP Keys,dc=domain,dc=com"
rootpw  {SSHA}KHgPsXtozlpujHbD1UBn$dWxYvr07j5Z

directory       /var/lib/ldap

index   objectClass     eq
index   pgpUserID       sub,eq
index   pgpCertID,pgpKeyID,pgpKeyType,pgpKeyCreateTime  eq
index   pgpSignerID,pgpSubKeyID,pgpKeySize,pgpKeyExpireTime     eq
index   pgpDisabled,pgpRevoked  eq
index   pgpElementType  sub,eq
####### END #######

I don't have much of a background with LDAP, so I hope I have provided
enough information. If someone knows a more appropriate list to post this to,
please let me know.

Thanks,

Joe
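Added here as a diagnostic aid; this is not part of Joe's post or any PGP Corporation tooling. The script correlates slapd's `conn=`/`op=` request and RESULT lines, names the LDAP result code (err=32 is noSuchObject in RFC 4511), and checks whether each operation's DN lies under the suffix the posted slapd.conf serves. The sample records and the suffix are taken from the post; the parsing logic and field names are mine.

```python
import re
from collections import OrderedDict

# Constructed sample: the operation records from the two connections in the post.
SAMPLE_LOG = """\
Aug 21 19:32:38 pgp-keyserver slapd[1352]: conn=8 op=0 ADD dn="pgpCertID=07CADF9E0CC0E12C,ou=PGP Keys,dc=domain,dc=com"
Aug 21 19:32:38 pgp-keyserver slapd[1352]: conn=8 op=0 RESULT tag=105 err=0 text=
Aug 21 19:32:38 pgp-keyserver slapd[1352]: conn=8 op=1 UNBIND
Aug 21 19:32:47 pgp-keyserver slapd[1352]: conn=9 op=0 SRCH base="cn=PGPServerInfo" scope=0 filter="(objectClass=*)"
Aug 21 19:32:47 pgp-keyserver slapd[1352]: conn=9 op=0 SRCH attr=baseKeyspaceDN basePendingDN version
Aug 21 19:32:47 pgp-keyserver slapd[1352]: conn=9 op=0 RESULT tag=101 err=32 text=
"""

RESULT_NAMES = {0: "success", 32: "noSuchObject"}  # RFC 4511 names for the codes in the post

OP_RE = re.compile(
    r'conn=(\d+) op=(\d+) (ADD|SRCH|RESULT)'
    r'(?: dn="([^"]*)"| base="([^"]*)"| tag=\d+ err=(\d+))?')

def dn_under(dn, suffix):
    """True if dn equals the suffix or lies beneath it (case-insensitive, RDN whitespace trimmed)."""
    norm = lambda s: ",".join(p.strip().lower() for p in s.split(","))
    d, s = norm(dn), norm(suffix)
    return d == s or d.endswith("," + s)

def summarize(log_text, suffix):
    """Correlate each op's request line with its RESULT line.
    Returns {(conn, op): {"kind", "target", "err", "result", "in_suffix"}}."""
    ops = OrderedDict()
    for line in log_text.splitlines():
        m = OP_RE.search(line)
        if not m:
            continue
        conn, op, kind, dn, base, err = m.groups()
        rec = ops.setdefault((int(conn), int(op)), {"kind": None, "target": None,
                             "err": None, "result": None, "in_suffix": None})
        if kind == "RESULT":
            rec["err"] = int(err)
            rec["result"] = RESULT_NAMES.get(rec["err"], "other(%d)" % rec["err"])
        elif rec["kind"] is None:  # first request line wins; slapd logs SRCH on two lines
            rec["kind"], rec["target"] = kind, (dn if dn is not None else base)
            rec["in_suffix"] = dn_under(rec["target"], suffix)
    return ops

if __name__ == "__main__":
    for (conn, op), rec in summarize(SAMPLE_LOG, "ou=PGP Keys,dc=domain,dc=com").items():
        note = "" if rec["in_suffix"] else "  (base not under the served suffix)"
        print("conn=%d op=%d %s %s -> %s%s" % (conn, op, rec["kind"], rec["target"], rec["result"], note))
```

Run against a real /var/log/messages the same way, substituting the suffix from your own slapd.conf; a SRCH base that is not under any served suffix will always come back as noSuchObject regardless of what the client intended to do next.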
