Page MenuHome GnuPG
Create Task
Maniphest T5452

Kleopatra: Provide an option to test the LDAP keyserver connection
Open, WishlistPublic
Actions

Description

Let's make that idea discussed earlier an official task ...

Stating the obvious: Configuring LDAP keyserver connection is error-prone. A simple typo in the long string of server, port, ou, password etc. will break operation.

That part cannot be changed as it's in the nature of LDAP. But Kleopatra should ease the job by providing a way to test a configured LDAP connection immediately. So that would be a "Test Connection" button that triggers an action fairly similar to ldapwhoiami. In my opinion this provides a great convenience in that fairly awkward area.

Another way to ease configuration was to configure the connection through separate input boxes for the components of that URL, I think this is already being worked on. Although I'd appreciate if Kleopatra could still accept a single URL and do the parsing, preferably using the ldap_url_parse function of libldap.

Revisions and Commits

rG GnuPG
rGeb3a629154de dirmngr: Allow for non-URL specified ldap keyservers.
rG2b4cddf9086f dirmngr: Allow for non-URL specified ldap keyservers.

Related Objects

Event Timeline

cbiedl triaged this task as Wishlist priority.May 26 2021, 11:34 AM
cbiedl created this task.
werner added a commit: rG2b4cddf9086f: dirmngr: Allow for non-URL specified ldap keyservers..May 26 2021, 4:22 PM
werner added a subscriber: werner.May 26 2021, 6:24 PM

You can easily do this with gpg-connect-agent

gpg-connect-agent --dirmngr
> ks_search foo@example.org

Use HELP and HELP <command> to get online help. KEYSERVER has several options and used withou options it lists the used keyservers. You may use

keyserver --clear ldap://foo....

to set a new keyserver for the session. With 2.2.28 the LDAPSERVER command oes also allow tolist configured servers. etc. Isn't this sufficient as test tool? Of course you should enable debug options and use watchgnupg
to see what is going on behind the scenes. For a quick test you may also

dirmngr --server --verbose --debug whaever --log-file -

and enter the commands (but w/o readline support).

aheinecke added a comment.May 27 2021, 10:15 AM

Yeah, but cbiedl's issue is about something like that in Kleopatra for "users".

This could be for example a green checkmark next to the keyserver after a configuration change to indicate that the connection worked. This gets more important for our commercial users with restricted networks etc. where they might need proxy settings and so on.

werner added a comment.May 27 2021, 7:34 PM

Just search for something.

aheinecke added a comment.May 28 2021, 9:29 AM

Yes. This is not a backend issue. Kleopatra can determine if it has connection to the keyserver but the issue is about that Kleopatra should determine that and indicate that.

werner added a commit: rGeb3a629154de: dirmngr: Allow for non-URL specified ldap keyservers..Jun 16 2021, 1:16 PM
werner mentioned this in T5405: Release GnuPG 2.3.2.Aug 24 2021, 8:00 PM
ikloecker renamed this task from Please provide an option to test the LDAP keyserver connection to Kleopatra: Provide an option to test the LDAP keyserver connection.Dec 5 2022, 9:13 AM