When publishing keys to an LDAP server with a base DN specified in the dirmngr config (https://www.gnupg.org/documentation/manuals/gnupg/Dirmngr-Options.html#:~:text=%2D%2Dkeyserver), dirmngr forces schema version 1 and, as a result, does not push the newer attributes to the LDAP server.
This is problematic when using some applications such as Kleopatra, which now seem to require that key fingerprints be present in search results.
For reference, the relevant code is here: https://github.com/gpg/gnupg/blob/master/dirmngr/ks-engine-ldap.c#L559
When a base DN is specified, it bypasses the keyserver probing functionality, which would normally attempt to find the PGPServerInfo entry and flag the appropriate schema version.
It would be useful if one of the following were implemented:
- Dirmngr could auto-detect whether the provided base DN is a PGPServerInfo entry and, if so, inspect its pgpKeySpaceDN to get the DN for the keys
- A new config option to specify the DN of the PGPServerInfo entry, allowing probing with a manually specified path
- A new config option to override the LDAP keyserver flags and state that the keyserver uses schema V2
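To make the first option concrete, the following is an added example (not dirmngr's own code) that contrasts the current behaviour, where an explicit base DN in the keyserver URL forces schema version 1, with the proposed auto-detection that inspects the base DN entry for a PGPServerInfo object and reads its pgpKeySpaceDN. It runs against a constructed in-memory directory instead of a live LDAP server; the attribute names pgpServerInfo and pgpKeySpaceDN are taken from the report above, while pgpVersion as the carrier of the schema version, the example host keys.example.org and the DNs are assumptions.

```python
"""Schema-version detection for an LDAP keyserver URL with an explicit base DN.

Added illustration of the auto-detection proposal; it is not dirmngr's code.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple
from urllib.parse import unquote, urlparse

Entry = Dict[str, List[str]]

# Constructed in-memory directory standing in for an LDAP server (assumed DNs).
# pgpServerInfo / pgpKeySpaceDN come from the report; pgpVersion is assumed.
FAKE_DIRECTORY: Dict[str, Entry] = {
    "cn=pgpServerInfo,dc=example,dc=org": {
        "objectClass": ["pgpServerInfo"],
        "pgpKeySpaceDN": ["ou=PGP Keys,dc=example,dc=org"],
        "pgpVersion": ["2"],
    },
    "ou=PGP Keys,dc=example,dc=org": {"objectClass": ["organizationalUnit"]},
}


def fake_ldap_read(dn: str) -> Optional[Entry]:
    """Stand-in for a base-scope LDAP search of DN (DNs compare case-insensitively)."""
    for stored_dn, entry in FAKE_DIRECTORY.items():
        if stored_dn.lower() == dn.lower():
            return entry
    return None


@dataclass
class KeyserverConfig:
    host: str
    key_space_dn: str          # DN under which key entries live
    schema_version: int        # 1 or 2
    publishes_fingerprint: bool  # fingerprint attributes are only pushed for v2
    detection: str             # how the schema version was decided


def parse_ldap_keyserver_url(url: str) -> Tuple[str, Optional[str]]:
    """Split an ldap://host/baseDN URL into host and (percent-decoded) base DN."""
    u = urlparse(url)
    if u.scheme not in ("ldap", "ldaps"):
        raise ValueError(f"not an LDAP keyserver URL: {url}")
    base_dn = unquote(u.path.lstrip("/")) or None
    return u.netloc, base_dn


def current_behaviour(url: str) -> KeyserverConfig:
    """Today: a base DN in the URL skips probing and forces schema version 1."""
    host, base_dn = parse_ldap_keyserver_url(url)
    if base_dn is None:
        raise ValueError("no base DN: dirmngr would probe for PGPServerInfo instead")
    return KeyserverConfig(host, base_dn, 1, False, "forced v1: base DN given")


def proposed_behaviour(url: str,
                       read: Callable[[str], Optional[Entry]] = fake_ldap_read
                       ) -> KeyserverConfig:
    """Proposal: look at the base DN entry; if it is a PGPServerInfo object,
    take the key space DN and schema version from it, else fall back to v1."""
    host, base_dn = parse_ldap_keyserver_url(url)
    if base_dn is None:
        raise ValueError("no base DN: dirmngr would probe for PGPServerInfo instead")
    entry = read(base_dn)
    classes = {c.lower() for c in (entry or {}).get("objectClass", [])}
    if entry is not None and "pgpserverinfo" in classes:
        key_space_dn = entry.get("pgpKeySpaceDN", [base_dn])[0]
        version = int(entry.get("pgpVersion", ["1"])[0])
        return KeyserverConfig(host, key_space_dn, version, version >= 2,
                               "read from PGPServerInfo entry at base DN")
    # Base DN is an ordinary container: keep the current conservative default.
    return KeyserverConfig(host, base_dn, 1, False,
                           "fallback v1: base DN is not a PGPServerInfo entry")


if __name__ == "__main__":
    url = "ldap://keys.example.org/cn=pgpServerInfo,dc=example,dc=org"
    print(current_behaviour(url))
    print(proposed_behaviour(url))
```

With the constructed directory, the same keyserver line yields schema version 1 and no fingerprint attributes under the current logic, but schema version 2 with the key space `ou=PGP Keys,dc=example,dc=org` under the proposed check; pointing the URL directly at the key container still degrades gracefully to version 1.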
I would be happy to work on a PR for any of these options if any option is deemed acceptable.