Page MenuHome GnuPG
Create Task
Maniphest T7742

Extend the LDAP scheme for non-NTDS installations
Testing, NormalPublic
Actions

Description

Only for NTDS we use the CN=<fingerprint> as top RDN. For historic (Open)LDAP servers we use pgpCertID=<keyid> as the top RDN. The latter should be replaced using a new scheme version or flag which does the same as NTDS.

Revisions and Commits

rG GnuPG
rGcef53c875683 dirmngr: Allow the use of an ntds like schema on OpenLDAP et al.
rG4061b34ef31e dirmngr: Allow the use of an ntds like schema on OpenLDAP et al.

Related Objects

Event Timeline

werner triaged this task as Normal priority.Jul 25 2025, 2:07 PM
werner created this task.
werner added a comment.Mon, Aug 4, 6:05 PM

The advantage of using a fingerprint for referencing a key is that there won't be any collisions in the keyid. Further this unifies the schema with an LDS (Windows) installation where DNs must anyway be unique. But take care the client needs to support this new flag. This will be the case for gnupg >= 2.5.12 (cf. T7756)

werner added a commit: rG4061b34ef31e: dirmngr: Allow the use of an ntds like schema on OpenLDAP et al..Mon, Aug 4, 6:09 PM
werner added a commit: rGcef53c875683: dirmngr: Allow the use of an ntds like schema on OpenLDAP et al..Mon, Aug 4, 6:12 PM
werner changed the task status from Open to Testing.Mon, Aug 4, 6:13 PM
werner moved this task from Backlog to WIP on the gnupg26 board.
werner mentioned this in Unknown Object (Maniphest Task).Thu, Aug 7, 1:44 PM