Page MenuHome GnuPG
Create Task
Maniphest T6094

Kleopatra: Make prefilled name and email address for new certificates configurable
Open, NormalPublic
Actions

Description

Some customers have the problem that the NameUserPrincipal we query over GetUserNameEx does not match the real email address of the user. The display name does not always give the desired result for the name, either.

Optionally, Kleopatra should query AD for the full name (or first name and surname) and the email address. dirmngr can be used to query AD.

Event Timeline

aheinecke triaged this task as Wishlist priority.Jul 20 2022, 11:47 AM
aheinecke created this task.
aheinecke added a comment.Aug 15 2022, 2:11 PM

Thinking about this, the best way to avoid AD code in Kleopatra would probably be to just create a QProcess that executes Powershell or WMIC to query the AD.

Here are more examples:
https://stackoverflow.com/questions/10184052/get-a-users-email-address-from-the-username-via-powershell-and-wmi

ebo renamed this task from Kleopatra: Take windows user email Address from Active Directory if available to Draft: Kleopatra: Make prefilled name and email address for new certificates configurable.Sep 16 2025, 2:33 PM
ebo removed aheinecke as the assignee of this task.
ebo raised the priority of this task from Wishlist to Normal.
ebo updated the task description. (Show Details)
ebo changed the edit policy from "All Users" to "Contributor (Project)".
ebo edited projects, added gpd5x; removed Restricted Project.
ebo added a subscriber: ikloecker.
alexk added a subscriber: alexk.Sep 16 2025, 2:49 PM
ikloecker updated the task description. (Show Details)Sep 16 2025, 3:02 PM
ikloecker updated the task description. (Show Details)
alexk added a comment.EditedSep 16 2025, 3:17 PM

To query the AD I used the GPGME function gpgme_op_assuan_transact_ext with an query string like this:

ad_query --subst --attr=dn,userAccountControl (&(objectcategory=person)(objectclass=user) (|(userPrincipalName={{email}}) (mail={{email}})))

Of course {{email}} must be replaced with the mail address queried, this might probably also be the UserPrincipalName.

ikloecker updated the task description. (Show Details)Sep 16 2025, 3:51 PM
ikloecker claimed this task.Wed, Oct 15, 10:56 AM
ikloecker added a comment.Wed, Oct 15, 4:16 PM

Note: QGpgMEWKDLookupJob uses an Assuan transaction with dirmngr.

ikloecker renamed this task from Draft: Kleopatra: Make prefilled name and email address for new certificates configurable to Kleopatra: Make prefilled name and email address for new certificates configurable.Wed, Oct 15, 4:18 PM