On Tue, Feb 21, 2006 at 11:42:56PM +0100, Walter Haidinger wrote:
> On Tue, 21 Feb 2006, David Shaw wrote:
>
> > On Tue, Feb 21, 2006 at 11:12:32PM +0100, Walter Haidinger wrote:
> > > On Tue, 21 Feb 2006, David Shaw wrote:
> > >
> > > > > because GnuPG looks for PGPServerInfo under the base DN,
> > > > > not under dn="ou=PGP Keys,dc=DOMAIN,dc=COM".
> > > >
> > > > Not exactly. It looks for PGPServerInfo under each DN returned from
> > > > namingContexts in order. It may well check for
> > > > "cn=PGPServerInfo,dc=DOMAIN,dc=COM" first, but once that fails, it'll
> > > > get to "cn=PGPServerInfo,ou=PGP Keys,dc=DOMAIN,dc=COM" next.
> > >
> > > As far as I can tell from my slapd logs, it only checks for
> > > "cn=PGPServerInfo,dc=DOMAIN,dc=COM" once and stops failing that.
> >
> > What does:
> >
> >   ldapsearch -h your-ldap-server -x -b "" -s base namingcontexts
> >
> > return?
>
> dn:
> namingContexts: dc=private
>
> This is my base DN (i.e. the suffix specified in slapd.conf).
> Should probably be "dc=DOMAIN,dc=COM" following the example above.

gpgkeys_ldap will only check DNs given in namingContexts. That's part
of the LDAP design that the PGP folks did, to allow programs to
automatically locate the key store.

If you need to override the autodetection, do something like:

  keyserver-options basedn="ou=PGP Keys,dc=DOMAIN,dc=COM"

David
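
The lookup order discussed in this thread, as an added example that is not part of the original messages and not gpgkeys_ldap source. The function name, the set-based directory and the sample entries (including the `ou=PGP Keys,dc=private` subtree) are constructed assumptions; the model only tracks which `cn=PGPServerInfo` DNs get probed and whether a base is found.

```python
# Constructed model of the autodetection described in this thread.
# It is not gpgkeys_ldap code; the set-of-DNs "directory" is an assumption.

def norm(dn):
    """Normalise a DN for comparison: case-insensitive, no space around commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def locate_key_store(entries, naming_contexts, basedn=None):
    """Return (base DN to use or None, list of PGPServerInfo DNs probed).

    entries          -- DNs that exist on the server (constructed sample)
    naming_contexts  -- namingContexts values from the root DSE, in order
    basedn           -- value of keyserver-options basedn, if set
    """
    if basedn:
        # Explicit override: autodetection is skipped entirely.
        return basedn, []
    existing = {norm(dn) for dn in entries}
    probed = []
    for context in naming_contexts:
        candidate = "cn=PGPServerInfo," + context
        probed.append(candidate)
        if norm(candidate) in existing:
            return context, probed
    # Only DNs listed in namingContexts are tried; subtrees are not walked.
    return None, probed

# Layout from the thread: one naming context, PGPServerInfo one level below.
WALTER_CONTEXTS = ["dc=private"]
WALTER_ENTRIES = {
    "dc=private",
    "ou=PGP Keys,dc=private",
    "cn=PGPServerInfo,ou=PGP Keys,dc=private",
}

# Layout where the key subtree is itself listed in namingContexts.
LISTED_CONTEXTS = ["dc=DOMAIN,dc=COM", "ou=PGP Keys,dc=DOMAIN,dc=COM"]
LISTED_ENTRIES = {
    "dc=DOMAIN,dc=COM",
    "ou=PGP Keys,dc=DOMAIN,dc=COM",
    "cn=PGPServerInfo,ou=PGP Keys,dc=DOMAIN,dc=COM",
}

if __name__ == "__main__":
    print(locate_key_store(WALTER_ENTRIES, WALTER_CONTEXTS))
    print(locate_key_store(WALTER_ENTRIES, WALTER_CONTEXTS,
                           basedn="ou=PGP Keys,dc=private"))
    print(locate_key_store(LISTED_ENTRIES, LISTED_CONTEXTS))
```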