Re: Using LDAP keyservers with gpg 2.1.11

2016-04-11 Thread Philip Colmer
OK ... I've done some more digging.

The command

KEYSERVER --clear

was failing because it doesn't like the embedded username and
password, i.e. it only works if the configuration just specifies
ldaps://login.linaro.org.

So, stripping the username and password out gets *that* bit of the
code to work but ultimately fails when the code tries to send the key
because it no longer has any authentication information.

How/where am I supposed to specify the username and password? I've
tried specifying:

keyserver-options binddn="uid=user1,ou=PGP Keys,dc=EXAMPLE,dc=ORG"
keyserver-options bindpw=PASSWORD

which is what https://wiki.gnupg.org/LDAPKeyserver suggests, but the
software complains they are unrecognised; I suspect that gnupg 2.1
removed those but it isn't clear if they got replaced by something
else.

Thanks.

Philip


On 8 April 2016 at 12:19, Philip Colmer wrote:
> On 8 April 2016 at 11:55, Kristian Fiskerstrand wrote:
> >>> is ldap listed as a schema when doing KEYSERVER --help ? you can
> >>> also check if ldd /usr/bin/dirmngr shows a linkage to libldap
>
> Thanks for this suggestion. dirmngr wasn't listing ldap, so I've
> installed the extra bits, rebuilt and now it is.
>
> However, unfortunately, now --send-key breaks earlier than it was :(
>
> gpg: enabled debug flags: packet mpi crypto filter iobuf memory cache
> memstat trust hashing cardio ipc clock lookup extprog
> gpg: DBG: [not enabled in the source] start
> gpg: DBG: chan_3 <- # Home: /home/ubuntu/.gnupg
> gpg: DBG: chan_3 <- # Config: /home/ubuntu/.gnupg/dirmngr.conf
> gpg: DBG: chan_3 <- OK Dirmngr 2.1.11 at your service
> gpg: DBG: connection to the dirmngr established
> gpg: DBG: chan_3 -> GETINFO version
> gpg: DBG: chan_3 <- D 2.1.11
> gpg: DBG: chan_3 <- OK
> gpg: DBG: chan_3 -> KEYSERVER --clear
> ldaps://:@login.linaro.org?dc=linaro,dc=org
> gpg: DBG: chan_3 <- ERR 167772161 General error 
> gpg: no keyserver known
> gpg: keyserver send failed: No keyserver available
> gpg: DBG: chan_3 -> BYE
> gpg: DBG: [not enabled in the source] stop
>
> This used to be the output ...
>
> gpg: DBG: [not enabled in the source] start
> gpg: DBG: chan_3 <- # Home: /home/ubuntu/.gnupg
> gpg: DBG: chan_3 <- # Config: /home/ubuntu/.gnupg/dirmngr.conf
> gpg: DBG: chan_3 <- OK Dirmngr 2.1.11 at your service
> gpg: DBG: chan_4 <- # Home: /home/ubuntu/.gnupg
> gpg: DBG: chan_4 <- # Config: /home/ubuntu/.gnupg/dirmngr.conf
> gpg: DBG: chan_4 <- OK Dirmngr 2.1.11 at your service
> gpg: DBG: connection to the dirmngr established
> gpg: DBG: chan_4 -> GETINFO version
> gpg: DBG: chan_4 <- D 2.1.11
> gpg: DBG: chan_4 <- OK
> gpg: DBG: chan_4 -> KEYSERVER --clear ldaps://:@login.linaro.org
> gpg: DBG: chan_4 <- OK
> gpg: DBG: chan_4 -> KEYSERVER
> gpg: DBG: chan_4 <- S KEYSERVER ldaps://uid=:@login.linaro.org
> gpg: DBG: chan_4 <- OK
> gpg: DBG: [not enabled in the source] keydb_new
> gpg: DBG: [not enabled in the source] keydb_search enter
>
> Regards
>
> Philip

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: Using LDAP keyservers with gpg 2.1.11

2016-04-08 Thread Philip Colmer
On 7 April 2016 at 17:03, Kristian Fiskerstrand wrote:
> is ldap listed as a schema when doing KEYSERVER --help ? you can also
> check if ldd /usr/bin/dirmngr shows a linkage to libldap

Sorry - how do I check the schema? I'm not sure what command you are
asking me to run.

With regards to the ldd command, no, there is no linkage to libldap. I
have the libldap package installed, so do I need to do something to
get gnupg to link to it when I build it?

Regards

Philip



Re: Using LDAP keyservers with gpg 2.1.11

2016-04-08 Thread Philip Colmer
On 8 April 2016 at 11:55, Kristian Fiskerstrand wrote:
>>> is ldap listed as a schema when doing KEYSERVER --help ? you can
>>> also check if ldd /usr/bin/dirmngr shows a linkage to libldap

Thanks for this suggestion. dirmngr wasn't listing ldap, so I've
installed the extra bits, rebuilt and now it is.

However, unfortunately, now --send-key breaks earlier than it was :(

gpg: enabled debug flags: packet mpi crypto filter iobuf memory cache
memstat trust hashing cardio ipc clock lookup extprog
gpg: DBG: [not enabled in the source] start
gpg: DBG: chan_3 <- # Home: /home/ubuntu/.gnupg
gpg: DBG: chan_3 <- # Config: /home/ubuntu/.gnupg/dirmngr.conf
gpg: DBG: chan_3 <- OK Dirmngr 2.1.11 at your service
gpg: DBG: connection to the dirmngr established
gpg: DBG: chan_3 -> GETINFO version
gpg: DBG: chan_3 <- D 2.1.11
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> KEYSERVER --clear
ldaps://:@login.linaro.org?dc=linaro,dc=org
gpg: DBG: chan_3 <- ERR 167772161 General error 
gpg: no keyserver known
gpg: keyserver send failed: No keyserver available
gpg: DBG: chan_3 -> BYE
gpg: DBG: [not enabled in the source] stop

This used to be the output ...

gpg: DBG: [not enabled in the source] start
gpg: DBG: chan_3 <- # Home: /home/ubuntu/.gnupg
gpg: DBG: chan_3 <- # Config: /home/ubuntu/.gnupg/dirmngr.conf
gpg: DBG: chan_3 <- OK Dirmngr 2.1.11 at your service
gpg: DBG: chan_4 <- # Home: /home/ubuntu/.gnupg
gpg: DBG: chan_4 <- # Config: /home/ubuntu/.gnupg/dirmngr.conf
gpg: DBG: chan_4 <- OK Dirmngr 2.1.11 at your service
gpg: DBG: connection to the dirmngr established
gpg: DBG: chan_4 -> GETINFO version
gpg: DBG: chan_4 <- D 2.1.11
gpg: DBG: chan_4 <- OK
gpg: DBG: chan_4 -> KEYSERVER --clear ldaps://:@login.linaro.org
gpg: DBG: chan_4 <- OK
gpg: DBG: chan_4 -> KEYSERVER
gpg: DBG: chan_4 <- S KEYSERVER ldaps://uid=:@login.linaro.org
gpg: DBG: chan_4 <- OK
gpg: DBG: [not enabled in the source] keydb_new
gpg: DBG: [not enabled in the source] keydb_search enter

Regards

Philip



Re: Using LDAP keyservers with gpg 2.1.11

2016-04-08 Thread Kristian Fiskerstrand

On 04/08/2016 12:38 PM, Philip Colmer wrote:
> On 7 April 2016 at 17:03, Kristian Fiskerstrand wrote:
>> is ldap listed as a schema when doing KEYSERVER --help ? you can 
>> also check if ldd /usr/bin/dirmngr shows a linkage to libldap
> 
> Sorry - how do I check the schema? I'm not sure what command you 
> are asking me to run.

$ dirmngr
OK Dirmngr 2.1.11 at your service
KEYSERVER --help
S # Known schemata:
S #   hkp
S #   hkps
S #   http
S #   finger
S #   kdns
S #   ldap
S # (Use an URL for engine specific help.)
OK


> 
> With regards to the ldd command, no, there is no linkage to 
> libldap. I have the libldap package installed, so do I need to do 
> something to get gnupg to link to it when I build it?
> 


you need the appropriate header files for the library (-dev packages
as well) and for good measure I specify --with-ldap in the gnupg build

- -- 
- 
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
- 
Public OpenPGP key at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- 
Aquila non capit muscas
The eagle does not hunt flies
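
The two checks described in the message above (ldap listed among dirmngr's known schemata, and dirmngr linked against libldap), as an added shell example that is not part of the original post. The function names are hypothetical; the first sample reply is the one quoted above and the second is constructed.

```shell
#!/bin/sh
# Added example; function names are hypothetical.

# Print each schema listed under "S # Known schemata:" in the
# KEYSERVER --help reply read from stdin, one per line.
list_schemata() {
    awk '
        /^S # Known schemata:/ { in_list = 1; next }
        in_list && NF == 3 && $1 == "S" && $2 == "#" { print $3; next }
        { in_list = 0 }
    '
}

# Succeed only if schema $1 is listed exactly (ldap does not match ldaps).
has_schema() { list_schemata | grep -qxF -- "$1"; }

# Succeed if the binary at $1 is dynamically linked against libldap.
links_libldap() { ldd "$1" 2>/dev/null | grep -q 'libldap'; }

# Reply quoted in the message above, from an LDAP-enabled build.
sample_with_ldap() {
    printf '%s\n' 'OK Dirmngr 2.1.11 at your service' 'S # Known schemata:' \
        'S #   hkp' 'S #   hkps' 'S #   http' 'S #   finger' 'S #   kdns' \
        'S #   ldap' 'S # (Use an URL for engine specific help.)' 'OK'
}

# Constructed reply for a build without LDAP support.
sample_without_ldap() { sample_with_ldap | grep -v '^S #   ldap$'; }

# Run both checks against the installed dirmngr; non-zero if either fails.
check_dirmngr_ldap() {
    bin=$(command -v dirmngr) || { echo "dirmngr not found in PATH"; return 2; }
    rc=0
    if gpg-connect-agent --dirmngr 'KEYSERVER --help' /bye | has_schema ldap; then
        echo "schema: ldap listed"
    else
        echo "schema: ldap not listed"; rc=1
    fi
    if links_libldap "$bin"; then
        echo "ldd: $bin links libldap"
    else
        echo "ldd: $bin has no libldap linkage"; rc=1
    fi
    return "$rc"
}

# Live check only on request: sh check-dirmngr-ldap.sh --live
if [ "${1:-}" = "--live" ]; then check_dirmngr_ldap; fi
```

A dirmngr that was already running before a rebuild keeps reporting the old schema list, so restart it before re-checking.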


Re: Using LDAP keyservers with gpg 2.1.11

2016-04-07 Thread Kristian Fiskerstrand

On 04/07/2016 04:58 PM, Philip Colmer wrote:
> On 7 April 2016 at 15:40, Werner Koch wrote:
>> On Wed,  6 Apr 2016 17:33, philip.col...@linaro.org said:
>> 
>>> However, with version 2.1.11, it isn't working. Enabling debug
>>> options where I can find them gives me this output:
>> 
>> Please enable debugging for dirmngr and restart dirmngr.  All
>> network access is done via the dirmngr daemon which is started
>> when needed.
> 
> I've configured debugging for dirmngr in dirmngr.conf as follows:
> 
> debug-level guru
> debug-all
> 
> dirmngr is running with its homedir set to the directory
> containing that conf file.
> 
> If I should be doing something different to get more debugging
> info out of dirmngr, please clarify. At the moment, the only
> information I seem to be getting is:
> 
> gpg: DBG: chan_4 <- ERR 167772346 No keyserver available 

is ldap listed as a schema when doing KEYSERVER --help ? you can also
check if ldd /usr/bin/dirmngr shows a linkage to libldap


- -- 
- 
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
- 
Public OpenPGP key at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- 
Aquila non capit muscas
The eagle does not hunt flies


Re: Using LDAP keyservers with gpg 2.1.11

2016-04-07 Thread Philip Colmer
On 7 April 2016 at 15:40, Werner Koch wrote:
> On Wed,  6 Apr 2016 17:33, philip.col...@linaro.org said:
>
>> However, with version 2.1.11, it isn't working. Enabling debug options
>> where I can find them gives me this output:
>
> Please enable debugging for dirmngr and restart dirmngr.  All network
> access is done via the dirmngr daemon which is started when needed.

I've configured debugging for dirmngr in dirmngr.conf as follows:

debug-level guru
debug-all

dirmngr is running with its homedir set to the directory containing
that conf file.

If I should be doing something different to get more debugging info
out of dirmngr, please clarify. At the moment, the only information I
seem to be getting is:

gpg: DBG: chan_4 <- ERR 167772346 No keyserver available 

Which doesn't really tell me much, and I cannot figure out where in
the source code this is happening.

Regards

Philip



Re: Using LDAP keyservers with gpg 2.1.11

2016-04-07 Thread Werner Koch
On Wed,  6 Apr 2016 17:33, philip.col...@linaro.org said:

> However, with version 2.1.11, it isn't working. Enabling debug options
> where I can find them gives me this output:

Please enable debugging for dirmngr and restart dirmngr.  All network
access is done via the dirmngr daemon which is started when needed.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

