Re: Using LDAP keyservers with gpg 2.1.11
OK ... I've done some more digging.

The command KEYSERVER --clear was failing because it doesn't like the embedded username and password, i.e. it only works if the configuration just specifies ldaps://login.linaro.org.

So, stripping the username and password out gets *that* bit of the code to work but ultimately fails when the code tries to send the key because it no longer has any authentication information.

How/where am I supposed to specify the username and password? I've tried specifying:

keyserver-options binddn="uid=user1,ou=PGP Keys,dc=EXAMPLE,dc=ORG"
keyserver-options bindpw=PASSWORD

which is what https://wiki.gnupg.org/LDAPKeyserver suggests, but the software complains they are unrecognised; I suspect that gnupg 2.1 removed those but it isn't clear if they got replaced by something else.

Thanks.

Philip

On 8 April 2016 at 12:19, Philip Colmer wrote:
> On 8 April 2016 at 11:55, Kristian Fiskerstrand wrote:
>> is ldap listed as a schema when doing KEYSERVER --help ? you can also
>> check if ldd /usr/bin/dirmngr shows a linkage to libldap
>
> Thanks for this suggestion. dirmngr wasn't listing ldap, so I've
> installed the extra bits, rebuilt and now it is.
>
> However, unfortunately, now --send-key breaks earlier than it was :(
>
> gpg: enabled debug flags: packet mpi crypto filter iobuf memory cache memstat trust hashing cardio ipc clock lookup extprog
> gpg: DBG: [not enabled in the source] start
> gpg: DBG: chan_3 <- # Home: /home/ubuntu/.gnupg
> gpg: DBG: chan_3 <- # Config: /home/ubuntu/.gnupg/dirmngr.conf
> gpg: DBG: chan_3 <- OK Dirmngr 2.1.11 at your service
> gpg: DBG: connection to the dirmngr established
> gpg: DBG: chan_3 -> GETINFO version
> gpg: DBG: chan_3 <- D 2.1.11
> gpg: DBG: chan_3 <- OK
> gpg: DBG: chan_3 -> KEYSERVER --clear ldaps://:@login.linaro.org?dc=linaro,dc=org
> gpg: DBG: chan_3 <- ERR 167772161 General error
> gpg: no keyserver known
> gpg: keyserver send failed: No keyserver available
> gpg: DBG: chan_3 -> BYE
> gpg: DBG: [not enabled in the source] stop
>
> This used to be the output ...
>
> gpg: DBG: [not enabled in the source] start
> gpg: DBG: chan_3 <- # Home: /home/ubuntu/.gnupg
> gpg: DBG: chan_3 <- # Config: /home/ubuntu/.gnupg/dirmngr.conf
> gpg: DBG: chan_3 <- OK Dirmngr 2.1.11 at your service
> gpg: DBG: chan_4 <- # Home: /home/ubuntu/.gnupg
> gpg: DBG: chan_4 <- # Config: /home/ubuntu/.gnupg/dirmngr.conf
> gpg: DBG: chan_4 <- OK Dirmngr 2.1.11 at your service
> gpg: DBG: connection to the dirmngr established
> gpg: DBG: chan_4 -> GETINFO version
> gpg: DBG: chan_4 <- D 2.1.11
> gpg: DBG: chan_4 <- OK
> gpg: DBG: chan_4 -> KEYSERVER --clear ldaps://:@login.linaro.org
> gpg: DBG: chan_4 <- OK
> gpg: DBG: chan_4 -> KEYSERVER
> gpg: DBG: chan_4 <- S KEYSERVER ldaps://uid=:@login.linaro.org
> gpg: DBG: chan_4 <- OK
> gpg: DBG: [not enabled in the source] keydb_new
> gpg: DBG: [not enabled in the source] keydb_search enter
>
> Regards
>
> Philip

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Using LDAP keyservers with gpg 2.1.11
On 7 April 2016 at 17:03, Kristian Fiskerstrand wrote:
> is ldap listed as a schema when doing KEYSERVER --help ? you can also
> check if ldd /usr/bin/dirmngr shows a linkage to libldap

Sorry - how do I check the schema? I'm not sure what command you are asking me to run.

With regards to the ldd command, no, there is no linkage to libldap. I have the libldap package installed, so do I need to do something to get gnupg to link to it when I build it?

Regards

Philip
Re: Using LDAP keyservers with gpg 2.1.11
On 8 April 2016 at 11:55, Kristian Fiskerstrand wrote:
>>> is ldap listed as a schema when doing KEYSERVER --help ? you can
>>> also check if ldd /usr/bin/dirmngr shows a linkage to libldap

Thanks for this suggestion. dirmngr wasn't listing ldap, so I've installed the extra bits, rebuilt and now it is.

However, unfortunately, now --send-key breaks earlier than it was :(

gpg: enabled debug flags: packet mpi crypto filter iobuf memory cache memstat trust hashing cardio ipc clock lookup extprog
gpg: DBG: [not enabled in the source] start
gpg: DBG: chan_3 <- # Home: /home/ubuntu/.gnupg
gpg: DBG: chan_3 <- # Config: /home/ubuntu/.gnupg/dirmngr.conf
gpg: DBG: chan_3 <- OK Dirmngr 2.1.11 at your service
gpg: DBG: connection to the dirmngr established
gpg: DBG: chan_3 -> GETINFO version
gpg: DBG: chan_3 <- D 2.1.11
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> KEYSERVER --clear ldaps://:@login.linaro.org?dc=linaro,dc=org
gpg: DBG: chan_3 <- ERR 167772161 General error
gpg: no keyserver known
gpg: keyserver send failed: No keyserver available
gpg: DBG: chan_3 -> BYE
gpg: DBG: [not enabled in the source] stop

This used to be the output ...

gpg: DBG: [not enabled in the source] start
gpg: DBG: chan_3 <- # Home: /home/ubuntu/.gnupg
gpg: DBG: chan_3 <- # Config: /home/ubuntu/.gnupg/dirmngr.conf
gpg: DBG: chan_3 <- OK Dirmngr 2.1.11 at your service
gpg: DBG: chan_4 <- # Home: /home/ubuntu/.gnupg
gpg: DBG: chan_4 <- # Config: /home/ubuntu/.gnupg/dirmngr.conf
gpg: DBG: chan_4 <- OK Dirmngr 2.1.11 at your service
gpg: DBG: connection to the dirmngr established
gpg: DBG: chan_4 -> GETINFO version
gpg: DBG: chan_4 <- D 2.1.11
gpg: DBG: chan_4 <- OK
gpg: DBG: chan_4 -> KEYSERVER --clear ldaps://:@login.linaro.org
gpg: DBG: chan_4 <- OK
gpg: DBG: chan_4 -> KEYSERVER
gpg: DBG: chan_4 <- S KEYSERVER ldaps://uid=:@login.linaro.org
gpg: DBG: chan_4 <- OK
gpg: DBG: [not enabled in the source] keydb_new
gpg: DBG: [not enabled in the source] keydb_search enter

Regards

Philip
Re: Using LDAP keyservers with gpg 2.1.11
On 04/08/2016 12:38 PM, Philip Colmer wrote:
> On 7 April 2016 at 17:03, Kristian Fiskerstrand wrote:
>> is ldap listed as a schema when doing KEYSERVER --help ? you can
>> also check if ldd /usr/bin/dirmngr shows a linkage to libldap
>
> Sorry - how do I check the schema? I'm not sure what command you
> are asking me to run.

$ dirmngr
OK Dirmngr 2.1.11 at your service
KEYSERVER --help
S # Known schemata:
S # hkp
S # hkps
S # http
S # finger
S # kdns
S # ldap
S # (Use an URL for engine specific help.)
OK

> With regards to the ldd command, no, there is no linkage to
> libldap. I have the libldap package installed, so do I need to do
> something to get gnupg to link to it when I build it?

you need the appropriate header files for the library (-dev packages as well) and for good measure I specify --with-ldap in the gnupg build

-- 
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP key at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
Aquila non capit muscas
The eagle does not hunt flies
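
The two checks suggested in this thread (is ldap among the schemata dirmngr reports, and does ldd show a libldap linkage), combined into one script as an added example that is not part of any message in the thread. The function names and the sample ldd lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: decide whether a dirmngr build can
# talk to LDAP keyservers, using the two checks suggested above.

# has_schema NAME: read a dirmngr "KEYSERVER --help" reply on stdin and
# succeed only if NAME is listed as a schema (a line of the form "S # NAME").
has_schema() {
    awk -v want="$1" '
        $1 == "S" && $2 == "#" && NF == 3 && $3 == want { found = 1 }
        END { exit(found ? 0 : 1) }'
}

# links_libldap: read ldd output on stdin; succeed if a libldap shared
# object (libldap or libldap_r, any version) is among the linked libraries.
links_libldap() {
    grep -E '(^|[[:space:]/])libldap[^[:space:]]*\.so' >/dev/null
}

# ldap_support HELP_REPLY LDD_OUTPUT: print a one-word verdict.
ldap_support() {
    if ! printf '%s\n' "$2" | links_libldap; then
        echo "no-libldap"       # built without the LDAP headers (-dev packages)
    elif ! printf '%s\n' "$1" | has_schema ldap; then
        echo "no-ldap-schema"   # linked, but dirmngr does not offer ldap
    else
        echo "ok"
    fi
}

# Constructed sample inputs: the help reply mirrors the one quoted in the
# thread; the ldd lines are made up for illustration.
SAMPLE_HELP='S # Known schemata:
S # hkp
S # hkps
S # http
S # finger
S # kdns
S # ldap
S # (Use an URL for engine specific help.)
OK'
SAMPLE_LDD_OK='  libldap_r-2.4.so.2 => /usr/lib/libldap_r-2.4.so.2 (0x00007f0000000000)
  libc.so.6 => /lib/libc.so.6 (0x00007f0000100000)'
SAMPLE_LDD_BAD='  libc.so.6 => /lib/libc.so.6 (0x00007f0000100000)'

ldap_support "$SAMPLE_HELP" "$SAMPLE_LDD_OK"
ldap_support "$SAMPLE_HELP" "$SAMPLE_LDD_BAD"
```

On a live system the samples can be replaced by the output of `gpg-connect-agent --dirmngr 'KEYSERVER --help' /bye` and `ldd /usr/bin/dirmngr`.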
Re: Using LDAP keyservers with gpg 2.1.11
On 04/07/2016 04:58 PM, Philip Colmer wrote:
> On 7 April 2016 at 15:40, Werner Koch wrote:
>> On Wed, 6 Apr 2016 17:33, philip.col...@linaro.org said:
>>
>>> However, with version 2.1.11, it isn't working. Enabling debug
>>> options where I can find them gives me this output:
>>
>> Please enable debugging for dirmngr and restart dirmngr. All
>> network access is done via the dirmngr daemon which is started
>> when needed.
>
> I've configured debugging for dirmngr in dirmngr.conf as follows:
>
> debug-level guru
> debug-all
>
> dirmngr is running with its homedir set to the directory
> containing that conf file.
>
> If I should be doing something different to get more debugging
> info out of dirmngr, please clarify. At the moment, the only
> information I seem to be getting is:
>
> gpg: DBG: chan_4 <- ERR 167772346 No keyserver available

is ldap listed as a schema when doing KEYSERVER --help ? you can also check if ldd /usr/bin/dirmngr shows a linkage to libldap

-- 
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP key at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
Aquila non capit muscas
The eagle does not hunt flies
Re: Using LDAP keyservers with gpg 2.1.11
On 7 April 2016 at 15:40, Werner Koch wrote:
> On Wed, 6 Apr 2016 17:33, philip.col...@linaro.org said:
>
>> However, with version 2.1.11, it isn't working. Enabling debug options
>> where I can find them gives me this output:
>
> Please enable debugging for dirmngr and restart dirmngr. All network
> access is done via the dirmngr daemon which is started when needed.

I've configured debugging for dirmngr in dirmngr.conf as follows:

debug-level guru
debug-all

dirmngr is running with its homedir set to the directory containing that conf file.

If I should be doing something different to get more debugging info out of dirmngr, please clarify. At the moment, the only information I seem to be getting is:

gpg: DBG: chan_4 <- ERR 167772346 No keyserver available

Which doesn't really tell me much, and I cannot figure out where in the source code this is happening.

Regards

Philip
Re: Using LDAP keyservers with gpg 2.1.11
On Wed, 6 Apr 2016 17:33, philip.col...@linaro.org said:
> However, with version 2.1.11, it isn't working. Enabling debug options
> where I can find them gives me this output:

Please enable debugging for dirmngr and restart dirmngr. All network access is done via the dirmngr daemon which is started when needed.

Salam-Shalom,

Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.