
Re: OpenLDAP PGP key server




I'm trying to accomplish the same thing and I've run
into a similar problem. I put three keys on the server
through ldap. After which I enabled ssl and tried to
add more through ldaps. The error message I get is...


"An error has occurred: server open failed"

Here are my logs:

------------------------------------------
Aug 26 08:27:22 corpldap02 slapd: <<< dnPrettyNormal:
<cn=PGPServerInfo>, <cn=pgpserverinfo>
Aug 26 08:27:22 corpldap02 slapd: SRCH
"cn=PGPServerInfo" 0 0    0 0 0
Aug 26 08:27:22 corpldap02 slapd: begin get_filter
Aug 26 08:27:22 corpldap02 slapd: PRESENT
Aug 26 08:27:22 corpldap02 slapd: ber_scanf fmt (m)
ber:
Aug 26 08:27:22 corpldap02 slapd: ber_dump:
buf=0x099838b8 ptr=0x099838de end=0x09983915 len=55
Aug 26 08:27:22 corpldap02 slapd:   0000:  87 0b 6f 62
6a 65 63 74  63 6c 61 73 73 30 28 04  
..objectclass0(.
Aug 26 08:27:22 corpldap02 slapd:   0010:  0e 62 61 73
65 4b 65 79  73 70 61 63 65 44 4e 04  
.baseKeyspaceDN.
Aug 26 08:27:22 corpldap02 slapd:   0020:  0d 62 61 73
65 50 65 6e  64 69 6e 67 44 4e 04 07  
.basePendingDN..
Aug 26 08:27:22 corpldap02 slapd:   0030:  76 65 72 73
69 6f 6e                               version
Aug 26 08:27:22 corpldap02 slapd: end get_filter 0

Above you see the SRCH function, then afterward I get
an attempted write. BTW, I had to go back to using
"database ldbm" rather than bdb because for some
reason the client will not work when openldap is using
Berkeley.


Aug 26 08:27:23 corpldap02 slapd: tls_write: want=74,
written=74
Aug 26 08:27:23 corpldap02 slapd:   0000:  17 03 01 00
18 8b 62 fe  6f 9c 03 98 72 5c 09 ba  
......b.o...r\..
Aug 26 08:27:23 corpldap02 slapd:   0010:  3a c2 d6 2c
a4 0e 12 85  a0 69 34 91 97 17 03 01  
:..,.....i4.....
Aug 26 08:27:23 corpldap02 slapd:   0020:  00 28 63 74
cf 6b b2 55  3a d7 82 73 b2 75 c1 4f  
.(ct.k.U:..s.u.O
Aug 26 08:27:23 corpldap02 slapd:   0030:  ec 87 6d 6b
e8 30 b5 d5  dd 31 b2 78 ed 20 43 30   ..mk.0...1.x.
C0
Aug 26 08:27:23 corpldap02 slapd:   0040:  a8 69 d2 9d
79 43 d8 48  af 70                     .i..yC.H.p
Aug 26 08:27:23 corpldap02 slapd: ldap_write: want=14,
written=14
Aug 26 08:27:23 corpldap02 slapd:   0000:  30 0c 02 01
01 65 07 0a  01 00 04 00 04 00         0....e........
Aug 26 08:27:23 corpldap02 slapd: daemon: select:
listen=6 active_threads=1 tvp=NULL
Aug 26 08:27:23 corpldap02 slapd: daemon: select:
listen=7 active_threads=1 tvp=NULL
Aug 26 08:27:23 corpldap02 slapd: daemon: select:
listen=8 active_threads=1 tvp=NULL
Aug 26 08:27:23 corpldap02 slapd: daemon: select:
listen=9 active_threads=1 tvp=NULL
Aug 26 08:27:23 corpldap02 slapd: daemon: activity on
1 descriptors
Aug 26 08:27:23 corpldap02 slapd: daemon: select:
listen=6 active_threads=1 tvp=NULL
Aug 26 08:27:23 corpldap02 slapd: daemon: select:
listen=7 active_threads=1 tvp=NULL
Aug 26 08:27:23 corpldap02 slapd: daemon: select:
listen=8 active_threads=1 tvp=NULL
Aug 26 08:27:23 corpldap02 slapd: daemon: select:
listen=9 active_threads=1 tvp=NULL
Aug 26 08:27:23 corpldap02 slapd: send_ldap_result:
conn=0 op=1 p=3
Aug 26 08:27:23 corpldap02 slapd: send_ldap_result:
err=10 matched="" text=""
Aug 26 08:27:23 corpldap02 slapd: send_ldap_response:
msgid=2 tag=101 err=32
Aug 26 08:27:23 corpldap02 slapd: ber_flush: 14 bytes
to sd 11
Aug 26 08:27:23 corpldap02 slapd:   0000:  30 0c 02 01
02 65 07 0a  01 20 04 00 04 00         0....e... ....
Aug 26 08:27:23 corpldap02 slapd: tls_write: want=74,
written=74
Aug 26 08:27:23 corpldap02 slapd:   0000:  17 03 01 00
18 35 88 36  57 4c a3 b5 35 ff 00 09  
.....5.6WL..5...
Aug 26 08:27:23 corpldap02 slapd:   0010:  1e a0 5c 65
bc 36 ca c1  ca c1 3a ad 00 17 03 01  
..\e.6....:.....
Aug 26 08:27:23 corpldap02 slapd:   0020:  00 28 1f 0a
19 a3 88 a9  b1 0e 94 cd 17 62 21 7e  
.(...........b!~
Aug 26 08:27:23 corpldap02 slapd:   0030:  cd 2d 85 1b
66 20 62 f3  15 08 ba 2f 7e 56 5f 58   .-..f
b..../~V_X
Aug 26 08:27:23 corpldap02 slapd:   0040:  11 18 50 42
7e a7 10 e0  54 cc                     ..PB~...T.
Aug 26 08:27:23 corpldap02 slapd: ldap_write: want=14,
written=14
Aug 26 08:27:23 corpldap02 slapd:   0000:  30 0c 02 01
02 65 07 0a  01 20 04 00 04 00         0....e... ....


------------------------------------------



--- "Kurt D. Zeilenga" <Kurt@OpenLDAP.org> wrote:

> You might want to search the archives for reasons
> why others
> who came before you gave up...
> 
> Kurt
> 
> At 12:16 AM 8/26/2004, Luna, Joe wrote:
> >All,
> >
> >Anyone have experience implementing a PGP key
> server using openldap and the
> >schemas provided by PGP corporation? I'm trying to
> get an OpenLDAP PGP key
> >server up and running, so far I haven't had any
> major issues but this one is
> >driving me crazy. 
> >
> >This is the deal, I can't add more than one key when
> sending to a 'ldaps' key
> >server, no not more than one at a time, one period.
> >
> >This is the log entry for a successful key upload
> via an ldaps connection:
> >
> >Aug 21 19:32:38 pgp-keyserver slapd[1352]: conn=8
> fd=12 ACCEPT from
> >IP=192.168.254.1:1878 (IP=0.0.0.0:636) Aug 21
> 19:32:38 pgp-keyserver
> >slapd[1352]: conn=8 op=0 ADD
> dn="pgpCertID=07CADF9E0CC0E12C,ou=PGP
> >Keys,dc=domain,dc=com" 
> >Aug 21 19:32:38 pgp-keyserver slapd[1352]: conn=8
> op=0 RESULT tag=105 err=0
> >text= Aug 21 19:32:38 pgp-keyserver slapd[1352]:
> conn=8 op=0 RESULT tag=105
> >err=0 text= Aug 21 19:32:38 pgp-keyserver
> slapd[1352]: conn=8 op=1 UNBIND
> >Aug 21 19:32:38 pgp-keyserver slapd[1352]: conn=8
> fd=12 closed 
> >
> >If I try to send another key, this shows up in the
> log:
> >
> >Aug 21 19:32:47 pgp-keyserver slapd[1352]: conn=9
> fd=12 ACCEPT from
> >IP=192.168.254.1:1879 (IP=0.0.0.0:636) Aug 21
> 19:32:47 pgp-keyserver
> >slapd[1352]: conn=9 op=0 SRCH
> base="cn=PGPServerInfo" scope=0
> >filter="(objectClass=*)" 
> >Aug 21 19:32:47 pgp-keyserver slapd[1352]: conn=9
> op=0 SRCH
> >attr=baseKeyspaceDN basePendingDN version Aug 21
> 19:32:47 pgp-keyserver
> >slapd[1352]: conn=9 op=0 RESULT tag=101 err=32
> text= Aug 21 19:33:10
> >pgp-keyserver slapd[1352]: conn=9 fd=12 closed
> >
> >Notice how line 2 is a 'SRCH' instead of an 'ADD'
> like line 2 of the
> >successful attempt? What could be causing this? Is
> this a client side issue,
> >I'm beginning to think so. So far the only thing I
> see to get around this is
> >to close the PGP client software and reopen it to
> send the second key. After
> >that key is uploaded the fun starts again, nothing
> else can be uploaded.
> >
> >Relevant information:
> >
> >Client OS: Windows XP Pro
> >Client Software: PGP Corporate desktop 8.1 LDAP
> Server: Fedora Core 2 LDAP
> >Software: # rpm -aq | grep ldap
> >        nss_ldap-217-1
> >        openldap-devel-2.1.29-1
> >        openldap-2.1.29-1
> >        php-ldap-4.3.4-11
> >        openldap-clients-2.1.29-1
> >        openldap-servers-2.1.29-1
> >
> >[root@pgp-keyserver ]# cat /etc/openldap/slapd.conf
> ####### BEGIN #######
> >
> >include /etc/openldap/schema/core.schema
> >include /etc/openldap/schema/pgp-keyserver.schema
> >include /etc/openldap/schema/pgp-remte-prefs.schema
> >
> >TLSCipherSuite HIGH:MEDIUM:+SSLv2
> >TLSCertificateFile /etc/openldap/slapdcert.pem
> >TLSCertificateKeyFile /etc/openldap/slapdkey.pem
> >
> >pidfile /var/run/slapd.pid
> >
> >sockbuf_max_incoming    524288
> >allow   bind_v2
> >allow   update_anon
> >
> >access to dn.sub="ou=PGP Keys,dc=domain,dc=com"
> >        by peername=127.0.0.1 write
> >        by * read
> >access to dn="cn=pgpprefs,dc=domain,dc=com"
> >        by peername=127.0.0.1 write
> >        by * read
> >
> >database        bdb
> >suffix  "ou=PGP Keys,dc=domain,dc=com"
> >rootdn  "cn=Manager,ou=PGP Keys,dc=domain,dc=com"
> >rootpw  {SSHA}KHgPsXtozlpujHbD1UBn$dWxYvr07j5Z
> >
> >directory       /var/lib/ldap
> >
> >index   objectClass     eq
> >index   pgpUserID       sub,eq
> >index   pgpCertID,pgpKeyID,pgpKeyType,pgpKeyCreateTime  eq
> >index   pgpSignerID,pgpSubKeyID,pgpKeySize,pgpKeyExpireTime  eq
> >index   pgpDisabled,pgpRevoked  eq
> >index   pgpElementType  sub,eq
> >####### END #######
> >
> >I don't have much of a background with LDAP, so I
> hope I have provided
> >enough information. If someone knows a more
> appropriate list to post this to
> >please let me know. 
> >
> >Thanks,
> >
> >Joe
> >
> >
> >.
> 
> 

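As an added example (not written by anyone in this thread), here is a small Python decoder for the 14-byte ldap_write dumps that slapd logged above. Fed the two hex lines from the log, it shows that the second PDU is a SearchResultDone for messageID 2 with resultCode 32 (noSuchObject), the same err=32 that both posters' logs report for the cn=PGPServerInfo search; the BER helper assumes short-form lengths, which is all these dumps use.

```python
from typing import Tuple

# LDAP result codes that appear in this thread (RFC 4511, Appendix A).
RESULT_CODES = {0: "success", 10: "referral", 32: "noSuchObject"}

# APPLICATION tags of the LDAP PDUs that carry an LDAPResult body.
RESPONSE_TAGS = {0x61: "BindResponse", 0x65: "SearchResultDone",
                 0x69: "AddResponse", 0x67: "ModifyResponse"}


def _tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Read one BER TLV at pos; returns (tag, value, next position).
    Only short-form lengths (< 128) are handled, enough for slapd's dumps."""
    tag, length = buf[pos], buf[pos + 1]
    if length & 0x80:
        raise ValueError("long-form BER length not handled in this example")
    start = pos + 2
    return tag, buf[start:start + length], start + length


def decode_ldap_result(hexdump: str) -> dict:
    """Decode an LDAPMessage holding an LDAPResult from a slapd hex dump line."""
    buf = bytes.fromhex(hexdump)              # fromhex ignores the spaces
    tag, msg, _ = _tlv(buf, 0)
    if tag != 0x30:
        raise ValueError("expected LDAPMessage SEQUENCE (0x30)")
    tag, msgid, pos = _tlv(msg, 0)
    if tag != 0x02:
        raise ValueError("expected messageID INTEGER (0x02)")
    op_tag, body, _ = _tlv(msg, pos)
    if op_tag not in RESPONSE_TAGS:
        raise ValueError(f"unexpected protocolOp tag 0x{op_tag:02x}")
    _, code, pos = _tlv(body, 0)              # resultCode ENUMERATED
    _, matched, pos = _tlv(body, pos)         # matchedDN
    _, diag, _ = _tlv(body, pos)              # errorMessage
    rc = int.from_bytes(code, "big")
    return {"messageID": int.from_bytes(msgid, "big"),
            "op": RESPONSE_TAGS[op_tag],
            "resultCode": rc,
            "resultName": RESULT_CODES.get(rc, "unknown"),
            "matchedDN": matched.decode(),
            "errorMessage": diag.decode()}


if __name__ == "__main__":
    # The two ldap_write dumps copied from the slapd log in this thread.
    for dump in ("30 0c 02 01 01 65 07 0a 01 00 04 00 04 00",
                 "30 0c 02 01 02 65 07 0a 01 20 04 00 04 00"):
        print(decode_ldap_result(dump))
```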