Re: OpenLDAP PGP key server
You might want to search the archives for reasons why others
who came before you gave up...
Kurt
At 12:16 AM 8/26/2004, Luna, Joe wrote:
>All,
>
>Anyone have experience implementing a PGP key server using OpenLDAP and the
>schemas provided by PGP Corporation? I'm trying to get an OpenLDAP PGP key
>server up and running; so far I haven't had any major issues, but this one is
>driving me crazy.
>
>This is the deal: I can't add more than one key when sending to an 'ldaps' key
>server; no, not more than one at a time, one period.
>
>This is the log entry for a successful key upload via an ldaps connection:
>
>Aug 21 19:32:38 pgp-keyserver slapd[1352]: conn=8 fd=12 ACCEPT from IP=192.168.254.1:1878 (IP=0.0.0.0:636)
>Aug 21 19:32:38 pgp-keyserver slapd[1352]: conn=8 op=0 ADD dn="pgpCertID=07CADF9E0CC0E12C,ou=PGP Keys,dc=domain,dc=com"
>Aug 21 19:32:38 pgp-keyserver slapd[1352]: conn=8 op=0 RESULT tag=105 err=0 text=
>Aug 21 19:32:38 pgp-keyserver slapd[1352]: conn=8 op=0 RESULT tag=105 err=0 text=
>Aug 21 19:32:38 pgp-keyserver slapd[1352]: conn=8 op=1 UNBIND
>Aug 21 19:32:38 pgp-keyserver slapd[1352]: conn=8 fd=12 closed
>
>If I try to send another key, this shows up in the log:
>
>Aug 21 19:32:47 pgp-keyserver slapd[1352]: conn=9 fd=12 ACCEPT from IP=192.168.254.1:1879 (IP=0.0.0.0:636)
>Aug 21 19:32:47 pgp-keyserver slapd[1352]: conn=9 op=0 SRCH base="cn=PGPServerInfo" scope=0 filter="(objectClass=*)"
>Aug 21 19:32:47 pgp-keyserver slapd[1352]: conn=9 op=0 SRCH attr=baseKeyspaceDN basePendingDN version
>Aug 21 19:32:47 pgp-keyserver slapd[1352]: conn=9 op=0 RESULT tag=101 err=32 text=
>Aug 21 19:33:10 pgp-keyserver slapd[1352]: conn=9 fd=12 closed
>
>Notice how line 2 is a 'SRCH' instead of an 'ADD' like line 2 of the
>successful attempt? What could be causing this? Is this a client-side issue?
>I'm beginning to think so. So far the only thing I see to get around this is
>to close the PGP client software and reopen it to send the second key. After
>that key is uploaded the fun starts again: nothing else can be uploaded.
>
>Relevant information:
>
>Client OS: Windows XP Pro
>Client Software: PGP Corporate Desktop 8.1
>LDAP Server: Fedora Core 2
>LDAP Software: # rpm -aq | grep ldap
> nss_ldap-217-1
> openldap-devel-2.1.29-1
> openldap-2.1.29-1
> php-ldap-4.3.4-11
> openldap-clients-2.1.29-1
> openldap-servers-2.1.29-1
>
>[root@pgp-keyserver ]# cat /etc/openldap/slapd.conf
>####### BEGIN #######
>
>include /etc/openldap/schema/core.schema
>include /etc/openldap/schema/pgp-keyserver.schema
>include /etc/openldap/schema/pgp-remte-prefs.schema
>
>TLSCipherSuite HIGH:MEDIUM:+SSLv2
>TLSCertificateFile /etc/openldap/slapdcert.pem
>TLSCertificateKeyFile /etc/openldap/slapdkey.pem
>
>pidfile /var/run/slapd.pid
>
>sockbuf_max_incoming 524288
>allow bind_v2
>allow update_anon
>
>access to dn.sub="ou=PGP Keys,dc=domain,dc=com" by peername=127.0.0.1 write by * read
>access to dn="cn=pgpprefs,dc=domain,dc=com" by peername=127.0.0.1 write by * read
>
>database bdb
>suffix "ou=PGP Keys,dc=domain,dc=com"
>rootdn "cn=Manager,ou=PGP Keys,dc=domain,dc=com"
>rootpw {SSHA}KHgPsXtozlpujHbD1UBn$dWxYvr07j5Z
>
>directory /var/lib/ldap
>
>index objectClass eq
>index pgpUserID sub,eq
>index pgpCertID,pgpKeyID,pgpKeyType,pgpKeyCreateTime eq
>index pgpSignerID,pgpSubKeyID,pgpKeySize,pgpKeyExpireTime eq
>index pgpDisabled,pgpRevoked eq
>index pgpElementType sub,eq
>####### END #######
>
>I don't have much of a background with LDAP, so I hope I have provided
>enough information. If someone knows a more appropriate list to post this to,
>please let me know.
>
>Thanks,
>
>Joe
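As an added example (not part of this thread), a small Python correlator that groups slapd log lines like the ones quoted above by conn= and op= and decodes each RESULT's tag and err into their LDAP names, so the two attempts can be compared side by side: conn=8's ADD ends in addResponse/success, while conn=9's SRCH on cn=PGPServerInfo ends in searchResDone/noSuchObject (err=32). The sample lines are the post's own, unwrapped to one entry per line; the tag/err tables cover only the handful of LDAP codes the example needs.

```python
import re

# Constructed sample: the slapd lines quoted in the post, unwrapped to one entry per line (duplicate RESULT and "closed" lines dropped).
SAMPLE_LOG = """\
Aug 21 19:32:38 pgp-keyserver slapd[1352]: conn=8 fd=12 ACCEPT from IP=192.168.254.1:1878 (IP=0.0.0.0:636)
Aug 21 19:32:38 pgp-keyserver slapd[1352]: conn=8 op=0 ADD dn="pgpCertID=07CADF9E0CC0E12C,ou=PGP Keys,dc=domain,dc=com"
Aug 21 19:32:38 pgp-keyserver slapd[1352]: conn=8 op=0 RESULT tag=105 err=0 text=
Aug 21 19:32:38 pgp-keyserver slapd[1352]: conn=8 op=1 UNBIND
Aug 21 19:32:47 pgp-keyserver slapd[1352]: conn=9 fd=12 ACCEPT from IP=192.168.254.1:1879 (IP=0.0.0.0:636)
Aug 21 19:32:47 pgp-keyserver slapd[1352]: conn=9 op=0 SRCH base="cn=PGPServerInfo" scope=0 filter="(objectClass=*)"
Aug 21 19:32:47 pgp-keyserver slapd[1352]: conn=9 op=0 SRCH attr=baseKeyspaceDN basePendingDN version
Aug 21 19:32:47 pgp-keyserver slapd[1352]: conn=9 op=0 RESULT tag=101 err=32 text=
"""

# LDAP protocol constants (RFC 4511): response message tags and resultCode values.
RESPONSE_TAGS = {97: "bindResponse", 101: "searchResDone", 103: "modifyResponse", 105: "addResponse", 107: "delResponse"}
RESULT_CODES = {0: "success", 32: "noSuchObject", 49: "invalidCredentials", 50: "insufficientAccessRights"}

LINE_RE = re.compile(r"slapd\[\d+\]: conn=(\d+) op=(\d+) (\w+)(.*)")
TARGET_RE = re.compile(r'\b(?:dn|base)="([^"]*)"')
RESULT_RE = re.compile(r"tag=(\d+) err=(\d+)")

def correlate(log_text):
    """Group lines by conn= and op=: {conn: {op: {request, target, tag, err}}}; ACCEPT/closed lines carry no op= and are skipped."""
    ops = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        conn, op, kind, rest = int(m.group(1)), int(m.group(2)), m.group(3), m.group(4)
        e = ops.setdefault(conn, {}).setdefault(op, dict(request=None, target=None, tag=None, err=None))
        if kind == "RESULT":
            r = RESULT_RE.search(rest)
            e["tag"], e["err"] = int(r.group(1)), int(r.group(2))
        elif e["request"] is None:  # first line of an op names it; later "SRCH attr=" lines are continuations
            e["request"] = kind
            t = TARGET_RE.search(rest)
            e["target"] = t.group(1) if t else None
    return ops

def failed_operations(log_text):
    """(conn, op, request, target, response, result) for every operation whose err != 0."""
    rows = []
    for conn, per_op in sorted(correlate(log_text).items()):
        for op, e in sorted(per_op.items()):
            if e["err"] not in (None, 0):
                rows.append((conn, op, e["request"], e["target"], RESPONSE_TAGS.get(e["tag"], "tag=%s" % e["tag"]),
                             RESULT_CODES.get(e["err"], "err=%s" % e["err"])))
    return rows
```

Running `failed_operations(SAMPLE_LOG)` reports only conn=9 op=0: the SRCH on cn=PGPServerInfo that the server answered with noSuchObject, while conn=8's ADD is not listed because it succeeded.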