David,

Thanks - your hint on v1.4.3 solved the bind problem.

> > Furthermore, when trying to do that with apache's ldap server, it did
> > not like the SSL it got from my gpg
> > (http://issues.apache.org/jira/browse/DIR-185).
>
> Try adding "keyserver-options debug=1" and running it again to get
> some idea what GPG is seeing.

Since I didn't find a 1.4.3 version for Linux or Windows with TLS support enabled, I am doing my other experiments with the cygwin 1.4.2 version (without the bind).

The "unknown_ca" error (reported in the above issue tracker 185) I saw on the server (directory.apache.org) side apparently was issued by the gpg client. For other ldap clients such as EQ or command-line ldapsearch, we solved that by creating a ~/.ldaprc file and either adding the server key with

    TLS_CACERT /path/to/cacert.pem

or reducing the protection by adding

    TLS_REQCERT never

Unfortunately, with gpg, this did not help. Putting the same into /etc/ldap/ldap.conf as per http://marc.theaimsgroup.com/?l=gnupg-users&m=109095590410758&w=2 didn't do it either. So my log now is:

Ralf [EMAIL PROTECTED]:/etc/ldap> gpg.1.4.2.1 --keyserver ldaps://localhost:2636 --keyserver-options 'binddn="dn=micky"' --keyserver-options "debug=5" --keyserver-options bindpw=mouse --search-keys Test
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
gpg: searching for "Test" from ldaps server localhost
gpgkeys: debug level 5
ldap_create
ldap_search
put_filter: "(objectClass=*)"
put_filter: simple
put_simple_filter: "objectClass=*"
ldap_send_initial_request
ldap_new_connection
ldap_int_open_connection
ldap_connect_to_host: TCP localhost:2636
ldap_new_socket: 4
ldap_prepare_socket: 4
ldap_connect_to_host: Trying 127.0.0.1:2636
ldap_connect_timeout: fd: 4 tm: -1 async: 0
ldap_ndelay_on: 4
ldap_is_sock_ready: 4
ldap_ndelay_off: 4
TLS trace: SSL_connect:before/connect initialization
TLS trace: SSL_connect:SSLv2/v3 write client hello A
TLS trace: SSL_connect:SSLv3 read server hello A
TLS certificate verification: depth: 0, err: 18, subject: /DC=com/DC=netcetera/[EMAIL PROTECTED], issuer: /DC=com/DC=netcetera/[EMAIL PROTECTED]
TLS certificate verification: Error, self signed certificate
TLS trace: SSL3 alert write:fatal:unknown CA
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS: can't connect.
ldap_search
put_filter: "(objectClass=*)"
put_filter: simple
put_simple_filter: "objectClass=*"
ldap_send_initial_request
ldap_send_server_request
ldap_err2string
gpgkeys: unable to retrieve LDAP base: Can't contact LDAP server
gpg: key "Test" not found on keyserver
gpg: keyserver internal error
gpg: keyserver search failed: keyserver error

Any hints would still be highly appreciated

Ralf

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
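As an added example (not part of Ralf's message, and not code from GnuPG or OpenLDAP), the following Python script reads the libldap TLS trace that `--keyserver-options debug=5` produces, extracts what the client-side certificate verifier objected to, and places the two `~/.ldaprc` remedies from the message side by side. The mapping of `err:` numbers to OpenSSL `X509_V_ERR_*` names is OpenSSL's own; the sample log is the excerpt from the message above, embedded as a string, and `/path/to/cacert.pem` is the same placeholder the message uses.

```python
"""Diagnose an ldaps:// keyserver TLS failure from gpg's debug=5 trace.

Parses the "TLS certificate verification: depth: N, err: E, ..." and
"TLS trace: SSL3 alert write:fatal:..." lines that OpenLDAP's libldap
prints (OpenSSL build) and reports why the client refused the server.
"""
import re

# Subset of OpenSSL X509 verification result codes as printed after "err:".
X509_V_ERR = {
    2: "UNABLE_TO_GET_ISSUER_CERT",
    9: "CERT_NOT_YET_VALID",
    10: "CERT_HAS_EXPIRED",
    18: "DEPTH_ZERO_SELF_SIGNED_CERT",
    19: "SELF_SIGNED_CERT_IN_CHAIN",
    20: "UNABLE_TO_GET_ISSUER_CERT_LOCALLY",
    21: "UNABLE_TO_VERIFY_LEAF_SIGNATURE",
    23: "CERT_REVOKED",
}

VERIFY_RE = re.compile(
    r"^TLS certificate verification: depth: (?P<depth>\d+), err: (?P<err>\d+), "
    r"subject: (?P<subject>.*?), issuer: (?P<issuer>.*)$"
)
ALERT_RE = re.compile(r"^TLS trace: SSL3 alert write:fatal:(?P<alert>.+)$")

# Constructed sample: the relevant lines of the trace quoted in the message.
SAMPLE_LOG = """\
TLS trace: SSL_connect:SSLv3 read server hello A
TLS certificate verification: depth: 0, err: 18, subject: /DC=com/DC=netcetera/[EMAIL PROTECTED], issuer: /DC=com/DC=netcetera/[EMAIL PROTECTED]
TLS certificate verification: Error, self signed certificate
TLS trace: SSL3 alert write:fatal:unknown CA
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS: can't connect.
"""


def diagnose(log: str) -> dict:
    """Return the verifier's objection (if any) and whether the handshake died."""
    result = {"failed": False, "depth": None, "err": None, "err_name": None,
              "subject": None, "issuer": None, "self_signed": False,
              "alert": None, "connected": True}
    for line in log.splitlines():
        line = line.strip()
        m = VERIFY_RE.match(line)
        if m:
            err = int(m["err"])
            if err == 0:          # this depth verified cleanly
                continue
            result.update(failed=True, depth=int(m["depth"]), err=err,
                          err_name=X509_V_ERR.get(err, f"UNKNOWN({err})"),
                          subject=m["subject"], issuer=m["issuer"],
                          # subject == issuer at depth 0 means a self-signed server cert
                          self_signed=(m["subject"] == m["issuer"]))
            continue
        m = ALERT_RE.match(line)
        if m:
            # "alert write" is the alert the *client* sent; the server merely
            # logs it (this is the "unknown_ca" seen on directory.apache.org).
            result["alert"] = m["alert"]
        elif line == "TLS: can't connect.":
            result["connected"] = False
    return result


def ldaprc_options(diag: dict, cacert_path: str = "/path/to/cacert.pem") -> dict:
    """The two ~/.ldaprc settings from the thread, with their security meaning."""
    if diag["self_signed"]:
        what = "the server's own self-signed certificate (it is its own CA)"
    else:
        what = "the CA certificate that issued the server certificate"
    return {
        # Keeps verification on; trust is pinned to a file you put in place.
        "recommended": f"TLS_CACERT {cacert_path}",
        "recommended_note": f"point TLS_CACERT at {what}",
        # Turns server authentication off: any certificate is accepted, so an
        # on-path attacker can impersonate the keyserver. Debug aid only.
        "insecure": "TLS_REQCERT never",
    }


if __name__ == "__main__":
    d = diagnose(SAMPLE_LOG)
    print(f"verify failed at depth {d['depth']}: err {d['err']} = {d['err_name']}")
    print(f"self-signed: {d['self_signed']}, client sent alert: {d['alert']!r}")
    for k, v in ldaprc_options(d).items():
        print(f"{k}: {v}")
```

Run it against a saved trace (`gpg ... 2>&1 | tee trace.log`, then `diagnose(open("trace.log").read())`) and the script tells you whether the rejection is the self-signed case (err 18, subject equals issuer) or a missing intermediate (err 20), which decides what file `TLS_CACERT` has to point at. Note that the alert in the trace is written by the gpg side, which is consistent with the observation in the message that the server only reports what the client sent.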