| author | Werner Koch <[email protected]> | 2021-02-17 16:31:36 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2021-02-17 16:40:02 +0000 |
| commit | ab7dc4b524c3e2ad5153acfdbfa879a9e62d2dbe (patch) | |
| tree | 91e80e544bfc2169524614dc5772d06dae792ecd /doc/gpg.texi | |
| parent | build: Update gpg-error.m4 again. (diff) | |
dirmngr: Support new gpgNtds parameter in LDAP keyserver URLs.
* dirmngr/ldap-parse-uri.c (ldap_parse_uri): Support a new gpgNtds
extension.
* dirmngr/ks-engine-ldap.c (my_ldap_connect): Do ldap_init always with
hostname - which is NULL and thus the same if not given. Fix minor
error in error code handling.
--
Note that "gpgNtds" is per RFC-4512 case insensitive and has not yet
been officially registered. Thus for correctness the OID can be
used:
1.3.6.1.4.1.11591.2.5 LDAP URL extensions
1.3.6.1.4.1.11591.2.5.1 gpgNtds=1 (auth. with current user)
Note that the value must be 1; all other values won't enable AD
authentication and are reserved for future use.
This has been cherry-picked from the 2.2 branch,
commit 55f46b33df08e8e0ea520ade5f73b321bc01d705
Signed-off-by: Werner Koch <[email protected]>
Diffstat (limited to 'doc/gpg.texi')
| -rw-r--r-- | doc/gpg.texi | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/doc/gpg.texi b/doc/gpg.texi index 8975cf9cd..6b912d674 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -1911,13 +1911,13 @@ Use @var{name} as your keyserver. This is the server that will communicate with to receive keys from, send keys to, and search for keys on. The format of the @var{name} is a URI: `scheme:[//]keyservername[:port]' The scheme is the type of keyserver: -"hkp" for the HTTP (or compatible) keyservers, "ldap" for the LDAP -keyservers, or "mailto" for the Graff email keyserver. Note that your -particular installation of GnuPG may have other keyserver types -available as well. Keyserver schemes are case-insensitive. After the -keyserver name, optional keyserver configuration options may be -provided. These are the same as the global @option{--keyserver-options} -from below, but apply only to this particular keyserver. +"hkp"/"hkps" for the HTTP (or compatible) keyservers or "ldap"/"ldaps" +for the LDAP keyservers. Note that your particular installation of +GnuPG may have other keyserver types available as well. Keyserver +schemes are case-insensitive. After the keyserver name, optional +keyserver configuration options may be provided. These are the same as +the global @option{--keyserver-options} from below, but apply only to +this particular keyserver. Most keyservers synchronize with each other, so there is generally no need to send keys to more than one server. The keyserver |
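Review bot: The rewritten scheme paragraph (the added lines beginning `"hkp"/"hkps" for the HTTP (or compatible) keyservers`) lists "ldap"/"ldaps" but does not mention the gpgNtds URL extension that the commit message introduces, and the URI template kept as context, `scheme:[//]keyservername[:port]`, shows no place where such an extension would go. Since the commit message states that only the value 1 enables AD authentication and that the OID 1.3.6.1.4.1.11591.2.5.1 can be used in place of the unregistered name, a sentence here (or a cross-reference to wherever this is documented) would keep users from silently getting an unauthenticated LDAP connection after writing another value. Separately, the same hunk drops the "mailto" scheme for the Graff email keyserver from the text, which the commit message does not mention; a line in the log noting that removal would help.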
