author | Werner Koch <[email protected]> | 2021-05-17 13:35:27 +0000 |
---|---|---|
committer | Werner Koch <[email protected]> | 2021-05-17 14:36:36 +0000 |
commit | 1406f551f1e00a03eabf5b8bd3011bf6393ce318 (patch) | |
tree | b795ef19475087852013f1b36bffaae65ce5057a /dirmngr/ks-engine-ldap.c | |
parent | sm: Ask for the password for password based decryption (pwri) (diff) | |
dirmngr: LDAP search by a mailbox now ignores revoked keys.
* dirmngr/ks-engine-ldap.c (keyspec_to_ldap_filter): Ignore revoked
and disabled keys in mail mode.
--
The LDAP schema has a revoked and a disabled flag. The former will be
set if a revoked key is uploaded; the latter can be set by other
means. With this change a search by mailbox no longer returns
keys with these LDAP attributes set. This makes it easier to maintain a
directory with multiple keys per mailbox.
The same could be done for expired keys, but that requires more
effort.
Signed-off-by: Werner Koch <[email protected]>
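To make the effect of the new filter checkable offline, here is an added example (not GnuPG code): a builder that produces the two filter shapes from this commit, plus a small RFC 4515 filter parser and matcher run over a constructed directory of four entries. The `escape_filter_value` helper, the `pgpCertID` attribute used as a record label, the sample entries and the `search` function are all assumptions of this example; the diff itself does not show how dirmngr escapes the mailbox before splicing it into the filter.

```python
"""Build and evaluate the LDAP filters used for a mailbox key lookup.

Added example, not dirmngr's code.  It mirrors the two filter shapes
seen in the commit (schema v2 with the revoked/disabled exclusion, and
the legacy pgpUserID substring search) and evaluates them against a
constructed in-memory directory so the behaviour can be checked.
"""
import re

# RFC 4515 escaping for a value placed inside a search filter (assumed
# here; the diff does not show dirmngr's own escaping of the mailbox).
_FILTER_ESCAPES = {'\\': r'\5c', '*': r'\2a', '(': r'\28', ')': r'\29', '\0': r'\00'}


def escape_filter_value(value):
    return ''.join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def mailbox_filter(mailbox, schema_v2):
    """Return the filter string for a mailbox search.

    schema_v2=True gives the new filter from the commit, which excludes
    entries flagged pgpRevoked=1 or pgpDisabled=1; schema_v2=False gives
    the unchanged legacy pgpUserID substring filter (non-exact mode).
    """
    p = escape_filter_value(mailbox)
    if schema_v2:
        return '(&(gpgMailbox=%s)(!(|(pgpRevoked=1)(pgpDisabled=1))))' % p
    return '(pgpUserID=*<%s>*)' % p


def parse_filter(text):
    """Parse an LDAP filter into nested tuples:
    ('&'|'|', [children]), ('!', child) or ('=', attr, value_pattern)."""
    pos = 0

    def expr():
        nonlocal pos
        if text[pos] != '(':
            raise ValueError('expected ( at %d' % pos)
        pos += 1
        op = text[pos]
        if op in '&|':
            pos += 1
            kids = []
            while text[pos] == '(':
                kids.append(expr())
            node = (op, kids)
        elif op == '!':
            pos += 1
            node = ('!', expr())
        else:
            eq = text.index('=', pos)
            # An escaped ')' appears as \29, so the next ')' closes the term.
            close = text.index(')', eq)
            node = ('=', text[pos:eq].lower(), text[eq + 1:close])
            pos = close
        if text[pos] != ')':
            raise ValueError('expected ) at %d' % pos)
        pos += 1
        return node

    node = expr()
    if pos != len(text):
        raise ValueError('trailing data after filter')
    return node


def _unescape(s):
    return re.sub(r'\\([0-9A-Fa-f]{2})', lambda m: chr(int(m.group(1), 16)), s)


def _pattern_regex(pattern):
    # A literal '*' in the filter is always a wildcard (escaped ones are \2a).
    pieces = [re.escape(_unescape(p)) for p in pattern.split('*')]
    return re.compile('.*'.join(pieces), re.IGNORECASE)


def matches(node, entry):
    """Evaluate a parsed filter against an entry {attr_lower: [values]}."""
    op = node[0]
    if op == '&':
        return all(matches(k, entry) for k in node[1])
    if op == '|':
        return any(matches(k, entry) for k in node[1])
    if op == '!':
        return not matches(node[1], entry)
    rx = _pattern_regex(node[2])
    return any(rx.fullmatch(v) for v in entry.get(node[1], ()))


# Constructed directory: three keys for one mailbox (one revoked, one
# disabled, one live) and one unrelated key.  Attribute names lowercased.
DIRECTORY = [
    {'pgpcertid': ['KEYID-A1'], 'gpgmailbox': ['alice@example.org'],
     'pgpuserid': ['Alice <alice@example.org>'], 'pgprevoked': ['1']},
    {'pgpcertid': ['KEYID-A2'], 'gpgmailbox': ['alice@example.org'],
     'pgpuserid': ['Alice <alice@example.org>'], 'pgpdisabled': ['1']},
    {'pgpcertid': ['KEYID-A3'], 'gpgmailbox': ['alice@example.org'],
     'pgpuserid': ['Alice <alice@example.org>'], 'pgprevoked': ['0']},
    {'pgpcertid': ['KEYID-B1'], 'gpgmailbox': ['bob@example.org'],
     'pgpuserid': ['Bob <bob@example.org>']},
]


def search(filter_text, entries=DIRECTORY):
    """Return the pgpCertID of every entry matching the filter, in order."""
    node = parse_filter(filter_text)
    return [e['pgpcertid'][0] for e in entries if matches(node, e)]
```

Running `search(mailbox_filter('alice@example.org', True))` returns only the live key, while the legacy filter (`schema_v2=False`) still returns all three of Alice's keys, which is the gap the commit message hints at when it says the change applies to the schema's revoked and disabled flags. The escaping step is what keeps a mailbox containing `)` or `*` from altering the shape of the filter.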
Diffstat (limited to 'dirmngr/ks-engine-ldap.c')
-rw-r--r-- | dirmngr/ks-engine-ldap.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/dirmngr/ks-engine-ldap.c b/dirmngr/ks-engine-ldap.c index 67c456ce3..15def111c 100644 --- a/dirmngr/ks-engine-ldap.c +++ b/dirmngr/ks-engine-ldap.c @@ -379,7 +379,8 @@ keyspec_to_ldap_filter (const char *keyspec, char **filter, int only_exact, else p = freeme; if ((serverinfo & SERVERINFO_SCHEMAV2)) - f = xasprintf ("(gpgMailbox=%s)", p); + f = xasprintf ("(&(gpgMailbox=%s)(!(|(pgpRevoked=1)(pgpDisabled=1))))", + p); else if (!only_exact) f = xasprintf ("(pgpUserID=*<%s>*)", p); break; |
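Review bot: the exclusion of revoked and disabled keys is only added to the `SERVERINFO_SCHEMAV2` branch; the `else if (!only_exact)` branch directly below, which still builds `(pgpUserID=*<%s>*)`, keeps returning such keys, so either add the same `(!(|(pgpRevoked=1)(pgpDisabled=1)))` conjunct there or state in the commit message that the new behaviour applies only to schema-v2 servers. Since `p` is still spliced into the filter with `xasprintf`, it is also worth confirming that the `freeme` copy it points to holds a filter-escaped mailbox, so that a `)` or `*` in the input cannot close the `gpgMailbox` term early and bypass the new exclusion.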