From 4061b34ef31e467870c01c9263b07fe5a76b9a45 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Mon, 4 Aug 2025 18:10:05 +0200 Subject: dirmngr: Allow the use of an ntds like schema on OpenLDAP et al. * dirmngr/ks-engine-ldap.c (SERVERINFO_CNFPR): New. Replace all SERVERINFO_NTDS with this one. (interrogate_ldap_dn): Parse "cnfpr" flag and set SERVERINFO_CNFPR. Set this flag also for "ntds". * doc/ldap/gnupg-ldap-init.ldif (pgpVersion): Suggest the use of the "cnfpr" flag. -- Note that SERVERINFO_NTDS is currently not anymore used directly but we keep it in case we need to do other NTDS specific things in the future. The advantage of using a fingerprint for referencing a key is that there won't be any collisions in the keyid. Further this unifies the schema with an LDS (Windows) installation where DNs must anyway be unique. But take care the client needs to support this new flag. GnuPG-bug-id: 7742 --- NEWS | 3 +++ 1 file changed, 3 insertions(+) (limited to 'NEWS') diff --git a/NEWS b/NEWS index 9329b05a8..1adc154ea 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,9 @@ Noteworthy changes in version 2.5.12 (unreleased) ------------------------------------------------- + * dirmgr: Support LDAP servers using a schema like the Windows LDS + servers. [T7742] + * gpgtar: Fix regression in end-of-archive detection. [T7757] Release-info: https://dev.gnupg.org/T7756 -- cgit v1.2.3
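Review bot: The added NEWS line spells the component "dirmgr", while the subject line and the paths in the commit message use "dirmngr"; suggest "* dirmngr: Support LDAP servers using a schema like the Windows LDS servers. [T7742]". The entry also omits the "cnfpr" flag name and the commit message's caveat that the client needs to support the new flag. An administrator reading NEWS alone would not learn how the schema is selected, or that clients without support for the flag are affected. A short mention of both in the entry would cover that.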