On Thu, Jun 15, 2006 at 07:14:57AM +0200, Ralf Hauser wrote: > David, > > Thanks - your hint on v1.4.3 solved the bind problem. > > > Furthermore, when trying to do that with apache's ldap server, it did > > not like the SSL it got from my gpg > > (http://issues.apache.org/jira/browse/DIR-185). > > > > Try adding "keyserver-options debug=1" and running it again to get > > some idea what GPG is seeing. > Since I didn't find a 1.4.3 version for Linux or windows with TLS support > enabled, I am doing my other experiments with cygwin 1.4.2 version (without > the bind). > > The "unknown_ca" error (reported in the above issue tracker 185) I saw on the > server (directory.apache.org) side apparently was issued by the gpg client. > > For other ldapclients such as EQ or command-line ldapsearch, we solved that > by creating a ~/.ldaprc file and either adding the server key with > TLS_CACERT /path/to/cacert.pem
keyserver-options ca-cert-file=/path/to/cacert.pem > or reducing the protection by adding > TLS_REQCERT never keyserver-options no-check-cert Again, though, these are 1.4.3 features. They won't work on your 1.4.2. David _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users