Re: Help setting gpgsm to do LDAP lookup

John Scott via Gnupg-users Wed, 27 May 2020 21:51:08 -0700

On Monday, May 18, 2020 2:53:55 AM EDT Werner Koch wrote:
> On Sat, 16 May 2020 23:24, John Scott said:
>> Looking up recipients with both dirmngr-client and
>> gpgsm --verbose --list-external-keys [recipient]
>> are fruitless whether I drop the ads\ from my username or not. I've bumped
>> the ldaptimeout to 25. Still both commands finish instantaneously
> I just did a quick test using using
> 
>   ldap.pca.dfn.de::::o=DFN-Verein,c=DE:ldap
> 
> which works as expected.  It has no username and password, though.
> To better debug this you should add
> 
> --8<---------------cut here---------------start------------->8---
> verbose
> log-file socket://
> debug ipc,lookup,extprog
> no-use-tor
> --8<---------------cut here---------------end--------------->8---
> [...]
> Look at the log file while running these commands; hopefully you see an
> error message.
Thank you. The extra logging and options didn't reveal anything insightful to 
me (attached). I've also adjusted the credentials after getting help in my 
organization.


I notice that if I use a non-SSL port like 389 or 3268—which I'm not sure they 
support the use of, I think they might require non-opportunistic TLS—I get an 
'S PROGRESS TICK ? 0 0" message and Dirmngr takes its time before calling it 
quits.

On the other hand using 636 or 3269 Dirmngr seems to not try and gets the log. 
The URI says only ldap://, can/could/should I specify TLS?

  4 - 2020-05-27 21:05:29 dirmngr[348691.6]: DBG: chan_6 <- lookup foobar
  4 - 2020-05-27 21:05:29 dirmngr[348691.6]: DBG: cmd_lookup: trying 
ads.foo.com:636 base=ou=Accounts,dc=ads,dc=foo,dc=com
  4 - 2020-05-27 21:05:29 dirmngr[348691.6]: DBG: ldap wrapper 348782 started 
(0x00007fae80005e10, /usr/lib/gnupg/dirmngr_ldap)
  4 - 2020-05-27 21:05:29 dirmngr[348691.6]: DBG: reader_callback: fp[0] 
stream=0x00007fae800024d0 want=1
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap-reaper: next run 
(count=1 size=1, timeout=2000)
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap-reaper: fp[0] 
stream=0x00007fae80005d90 want=1
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap-reaper: fp[0] 
stream=0x00007fae80005d90 r=1 r------
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: dirmngr_ldap[348782]: processing 
url 
'ldap:///ou%3DAccounts,dc%3Dads,dc%3Dfoo,dc%3Dcom?userCertificate,caCertificate,x509caCert?sub?(%7C(sn%3D*foobar*)(%7C(cn%3D*foobar*)(mail%3D*foobar*)))'
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: dirmngr_ldap[348782]:           
user 'jsc...@foo.com'
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap-reaper: next run 
(count=1 size=1, timeout=1996)
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap-reaper: fp[0] 
stream=0x00007fae80005d90 want=1
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap-reaper: fp[0] 
stream=0x00007fae80005d90 r=1 r------
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: dirmngr_ldap[348782]:           
pass '*****'
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: dirmngr_ldap[348782]:           
host 'ads.foo.com'
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: dirmngr_ldap[348782]:           
port 636
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: dirmngr_ldap[348782]:             
DN 'ou=Accounts,dc=ads,dc=foo,dc=com'
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap-reaper: next run 
(count=1 size=1, timeout=1996)
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap-reaper: fp[0] 
stream=0x00007fae80005d90 want=1
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap-reaper: fp[0] 
stream=0x00007fae80005d90 r=1 r------
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap-reaper: next run 
(count=1 size=1, timeout=1996)
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap-reaper: fp[0] 
stream=0x00007fae80005d90 want=1
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap-reaper: fp[0] 
stream=0x00007fae80005d90 r=1 r------
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap-reaper: next run 
(count=1 size=1, timeout=1940)
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap-reaper: fp[0] 
stream=0x00007fae80005d90 want=1
  4 - 2020-05-27 21:05:29 dirmngr[348691.6]: DBG: reader_callback: fp[0] 
stream=0x00007fae800024d0 r=1 r------
  4 - 2020-05-27 21:05:29 dirmngr[348691.6]: DBG: releasing ldap worker 
c=0x00007fae800055f0 pid=348782/348782 rdr=0x00007fae80005e10 
ctrl=0x00007fae80000ba0/1
  4 - 2020-05-27 21:05:29 dirmngr[348691.6]: DBG: cmd_lookup: no data
  4 - 2020-05-27 21:05:29 dirmngr[348691.6]: DBG: cmd_lookup: trying 
ads.foo.com:636 base=ou=Accounts,dc=ads,dc=foo,dc=com
  4 - 2020-05-27 21:05:29 dirmngr[348691.6]: DBG: ldap wrapper 348783 started 
(0x00007fae80006350, /usr/lib/gnupg/dirmngr_ldap)
  4 - 2020-05-27 21:05:29 dirmngr[348691.6]: DBG: reader_callback: fp[0] 
stream=0x00007fae800024d0 want=1
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap-reaper: fp[0] 
stream=0x00007fae80005d90 r=1 r------
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: dirmngr_ldap[348782]:         
filter '(|(sn=*foobar
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: ldap wrapper 348782 ready: 
exitcode=1
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap worker stati:
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG:   c=0x00007fae80005e10 
pid=348783/348783 rdr=0x00007fae80006350 logfp=0x00007fae800062d0 
ctrl=0x00007fae80000ba0/1 la=1590627929 rdy=0
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG:   c=0x00007fae800055f0 
pid=-1/348782 rdr=0x0000000000000000 logfp=0x0000000000000000 
ctrl=0x0000000000000000/0 la=1590627929 rdy=1
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap-reaper: next run 
(count=1 size=1, timeout=1939)
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap-reaper: fp[0] 
stream=0x00007fae800062d0 want=1
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap-reaper: fp[0] 
stream=0x00007fae800062d0 r=1 r------
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: dirmngr_ldap[348783]: processing 
url 
'ldap:///ou%3DAccounts,dc%3Dads,dc%3Dfoo,dc%3Dcom?userCertificate,caCertificate,x509caCert?sub?(%7C(sn%3D*foobar*)(%7C(cn%3D*foobar*)(mail%3D*foobar*)))'
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: dirmngr_ldap[348783]:           
user 'jsc...@foo.com'
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap-reaper: next run 
(count=1 size=1, timeout=1935)
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap-reaper: fp[0] 
stream=0x00007fae800062d0 want=1
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap-reaper: fp[0] 
stream=0x00007fae800062d0 r=1 r------
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: dirmngr_ldap[348783]:           
pass '*****'
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: dirmngr_ldap[348783]:           
host 'ads.foo.com'
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: dirmngr_ldap[348783]:           
port 636
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: dirmngr_ldap[348783]:             
DN 'ou=Accounts,dc=ads,dc=foo,dc=com'
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap-reaper: next run 
(count=1 size=1, timeout=1935)
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap-reaper: fp[0] 
stream=0x00007fae800062d0 want=1
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap-reaper: fp[0] 
stream=0x00007fae800062d0 r=1 r------
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap-reaper: next run 
(count=1 size=1, timeout=1935)
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap-reaper: fp[0] 
stream=0x00007fae800062d0 want=1
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap-reaper: fp[0] 
stream=0x00007fae800062d0 r=1 r------
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap-reaper: next run 
(count=1 size=1, timeout=1889)
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap-reaper: fp[0] 
stream=0x00007fae800062d0 want=1
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap-reaper: fp[0] 
stream=0x00007fae800062d0 r=1 r------
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap-reaper: next run 
(count=1 size=1, timeout=1889)
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap-reaper: fp[0] 
stream=0x00007fae800062d0 want=1
  4 - 2020-05-27 21:05:29 dirmngr[348691.6]: DBG: reader_callback: fp[0] 
stream=0x00007fae800024d0 r=1 r------
  4 - 2020-05-27 21:05:29 dirmngr[348691.6]: DBG: releasing ldap worker 
c=0x00007fae80005e10 pid=348783/348783 rdr=0x00007fae80006350 
ctrl=0x00007fae80000ba0/1
  4 - 2020-05-27 21:05:29 dirmngr[348691.6]: DBG: cmd_lookup: no data
  4 - 2020-05-27 21:05:29 dirmngr[348691.6]: command 'LOOKUP' failed: No data
  4 - 2020-05-27 21:05:29 dirmngr[348691.6]: DBG: chan_6 -> ERR 167772218 No 
data <Dirmngr>
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap-reaper: fp[0] 
stream=0x00007fae800062d0 r=1 r------
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: dirmngr_ldap[348783]:         
filter '(|(sn=*fooba
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: ldap wrapper 348783 ready: 
exitcode=1
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG: ldap worker stati:
  4 - 2020-05-27 21:05:29 dirmngr[348691.0]: DBG:   c=0x00007fae80005e10 
pid=-1/348783 rdr=0x0000000000000000 logfp=0x0000000000000000 
ctrl=0x0000000000000000/0 la=1590627929 rdy=1

signature.asc
Description: This is a digitally signed message part.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Help setting gpgsm to do LDAP lookup

Reply via email to