Page MenuHome GnuPG
Create Task
Maniphest T5404

Kleopatra: OpenPGP LDAP keyserver configuration impossible for at least 2.3
Closed, ResolvedPublic
Actions

Description

For now assigned to me to figure out what should be the right way for this. I don't have time for it right now but I should do it this week.

You need to use this keyserver line:
keyserver ldaps://ldap.example.com/????bindname=uid=LordPrivySeal
%2Cou=GnuPG%20Users%2Cdc=example%2Cdc=com,password=abc
(Enter this all on one line; "%2C" directly at the end of "Seal")

This is not a valid url and if you enter it this way into the OpenPGP Keyserver field in Kleopatra it will end up with 2.3 in dirmngr.conf with spaces inside it and the next start you load the config dialog everything after the first space will be gone.

For 2.2 i think this will also be different because then it will be put into gpg.conf but probably have similar problems.

Details

Version
master

Revisions and Commits

rLIBKLEO Libkleo
rLIBKLEOc6a70cbc4f43 Use hkps instead of hkp as default keyserver protocol
rLIBKLEOaa4a4bdd912a Set/get the OpenPGP keyserver as simple string
rLIBKLEO3a4b6d5af371 Remove unused CryptoConfigDialog
rLIBKLEO8f170d07dbd7 Remove broken and no longer useful method for parsing keyserver option
rLIBKLEOae8ddfab0d9e Remove special widget for OpenPGP keyserver entry
rKLEOPATRA Kleopatra
rKLEOPATRA49790088a316 Remove unused code
rKLEOPATRA760ad71507f0 Present the value of the keyserver option as-is to the user

Event Timeline

aheinecke triaged this task as High priority.Apr 20 2021, 1:31 PM
aheinecke created this task.
werner added a subscriber: werner.Apr 20 2021, 3:38 PM

Well,

ldap:///

or

ldap://someserver.in.my.domain/????gpgNtds=1

is more important

aheinecke reassigned this task from aheinecke to ikloecker.May 25 2021, 10:17 AM
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.May 25 2021, 10:35 AM
ikloecker added a commit: rLIBKLEOae8ddfab0d9e: Remove special widget for OpenPGP keyserver entry.May 26 2021, 10:44 AM
ikloecker added a commit: rLIBKLEO8f170d07dbd7: Remove broken and no longer useful method for parsing keyserver option.
ikloecker added a commit: rLIBKLEOaa4a4bdd912a: Set/get the OpenPGP keyserver as simple string.
ikloecker added a commit: rLIBKLEO3a4b6d5af371: Remove unused CryptoConfigDialog.
ikloecker added a commit: rLIBKLEOc6a70cbc4f43: Use hkps instead of hkp as default keyserver protocol.
ikloecker added a commit: rKLEOPATRA49790088a316: Remove unused code.May 26 2021, 11:54 AM
ikloecker added a commit: rKLEOPATRA760ad71507f0: Present the value of the keyserver option as-is to the user.
ikloecker changed the task status from Open to Testing.May 26 2021, 2:15 PM
ikloecker reassigned this task from ikloecker to aheinecke.
ikloecker added a subscriber: ikloecker.

Fixed. Kleopatra no longer tries to parse the keyserver option and treats it as simple text (instead of as URL).

Editing an LDAP keyserver entry isn't very user friendly, but making it more user friendly should probably be done with a different task once the new format has been implemented in gpg/dirmngr.

ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.May 26 2021, 2:15 PM
werner added a comment.May 26 2021, 4:50 PM

I implemented the new format in 2.2 but we need to discuss how to handle this in gpgconf.

ikloecker added a comment.May 31 2021, 9:58 AM
In T5404#146459, @werner wrote:

I implemented the new format in 2.2 but we need to discuss how to handle this in gpgconf.

I think it would be best if gpgconf always used the new format. Then gpgme does not need to reimplement the parsing of the old format. The same format should also be used for dirmngr's keyserver option. Additionally, dirmngr's keyserver option should become a list option instead of single value option.

What I'm not really happy about is that there are two options with pretty generic names keyserver and ldapserver where the first is only used for OpenPGP and the second is only used for S/MIME (as far as I know). But okay, confusion can be avoid by a proper UI in Kleopatra.

werner added a comment.May 31 2021, 2:56 PM

Now, it is still time to change the name of the new option "--ldapserver". "--x509server" maybe?

ikloecker added a comment.Jun 1 2021, 9:36 AM

Yes, --x509server does better convey the semantics of this option.

ikloecker closed this task as Resolved.Oct 20 2021, 4:25 PM
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.Oct 20 2021, 4:38 PM