Page MenuHome GnuPG
Projects LDAP

LDAPTag
ActivePublic
Watch Project

Members

  • This project does not have any members.
  • View All

Watchers

  • This project does not have any watchers.
  • View All

Details

Description

LDAP related stuff.

Recent Activity
View All

Yesterday

ikloecker changed the status of T8042: Kleopatra: Add expired/revoked information to ldap search results from Open to Testing.

Implemented and backported for VSD 3.4

Wed, Jan 21, 11:02 AM · vsd34, Feature Request, gpd5x, LDAP, kleopatra
timegrid added a comment to T8048: Keyboxd: S/MIME certificate is imported on ldap search.

The "ca" root cert is not on the ldap, if that matters

Wed, Jan 21, 10:23 AM · keyboxd, Bug Report, gnupg26, S/MIME, LDAP, gpd5x
timegrid renamed T8048: Keyboxd: S/MIME certificate is imported on ldap search from GnuPG: S/MIME certificate is imported on ldap search to Keyboxd: S/MIME certificate is imported on ldap search.
Wed, Jan 21, 10:14 AM · keyboxd, Bug Report, gnupg26, S/MIME, LDAP, gpd5x
timegrid added a comment to T8048: Keyboxd: S/MIME certificate is imported on ldap search.
In T8048#211860, @ikloecker wrote:

some other certificates, but I guess those are from other tests

Wed, Jan 21, 10:08 AM · keyboxd, Bug Report, gnupg26, S/MIME, LDAP, gpd5x
timegrid added a project to T8048: Keyboxd: S/MIME certificate is imported on ldap search: Bug Report.
Wed, Jan 21, 10:00 AM · keyboxd, Bug Report, gnupg26, S/MIME, LDAP, gpd5x
timegrid renamed T8048: Keyboxd: S/MIME certificate is imported on ldap search from Kleopatra: S/MIME certificate is imported on ldap search to GnuPG: S/MIME certificate is imported on ldap search.
Wed, Jan 21, 10:00 AM · keyboxd, Bug Report, gnupg26, S/MIME, LDAP, gpd5x
timegrid added a comment to T8048: Keyboxd: S/MIME certificate is imported on ldap search.

It also happens on CLI:

Wed, Jan 21, 9:59 AM · keyboxd, Bug Report, gnupg26, S/MIME, LDAP, gpd5x
ikloecker added a comment to T8048: Keyboxd: S/MIME certificate is imported on ldap search.

With Gpg4win 5.0.0 the LISTKEYS after the server lookup lists the (ephemeral?) ca@gnupg.test certificate and (!) the bob@gnupg.test certificate (and some other certificates, but I guess those are from other tests).

Wed, Jan 21, 9:52 AM · keyboxd, Bug Report, gnupg26, S/MIME, LDAP, gpd5x
ikloecker added a comment to T8048: Keyboxd: S/MIME certificate is imported on ldap search.
  1. VSD 3.3.4
Wed, Jan 21, 9:45 AM · keyboxd, Bug Report, gnupg26, S/MIME, LDAP, gpd5x
ikloecker added a comment to T8048: Keyboxd: S/MIME certificate is imported on ldap search.
  1. Gpg4win 5.0.0
Wed, Jan 21, 9:44 AM · keyboxd, Bug Report, gnupg26, S/MIME, LDAP, gpd5x

Tue, Jan 20

timegrid added a comment to T8048: Keyboxd: S/MIME certificate is imported on ldap search.
  • gpg4win 5.0.0 @ win11
Tue, Jan 20, 2:59 PM · keyboxd, Bug Report, gnupg26, S/MIME, LDAP, gpd5x
ikloecker claimed T8042: Kleopatra: Add expired/revoked information to ldap search results.
Tue, Jan 20, 2:49 PM · vsd34, Feature Request, gpd5x, LDAP, kleopatra
ikloecker added a comment to T8048: Keyboxd: S/MIME certificate is imported on ldap search.

gpgme logs (also of vsd-3.3.4) will be useful.

Tue, Jan 20, 2:47 PM · keyboxd, Bug Report, gnupg26, S/MIME, LDAP, gpd5x
werner added a comment to T8048: Keyboxd: S/MIME certificate is imported on ldap search.

I have not checked but I guess that the certificate is marked as ephemeal and kleopatra either lists ephemeral certificates or the ephemeral flag got removed to to a validation process,

Tue, Jan 20, 2:43 PM · keyboxd, Bug Report, gnupg26, S/MIME, LDAP, gpd5x
timegrid added a comment to T8048: Keyboxd: S/MIME certificate is imported on ldap search.

Note: This does not happen on vsd-3.3.4

Tue, Jan 20, 2:37 PM · keyboxd, Bug Report, gnupg26, S/MIME, LDAP, gpd5x
timegrid created T8048: Keyboxd: S/MIME certificate is imported on ldap search.
Tue, Jan 20, 1:56 PM · keyboxd, Bug Report, gnupg26, S/MIME, LDAP, gpd5x
ebo triaged T8042: Kleopatra: Add expired/revoked information to ldap search results as Normal priority.
Tue, Jan 20, 9:07 AM · vsd34, Feature Request, gpd5x, LDAP, kleopatra

Mon, Jan 19

ikloecker added a comment to T8042: Kleopatra: Add expired/revoked information to ldap search results.

The gpgme logs show that the information for revoked keys should be there. We just need to check for it (and somehow visualize it).

pub:o:3072:1:3DA05D6B0A5998AF:1768822823:1863514800::::::::
fpr:::::::::C70F6D8F32DFE96F5C47C40B3DA05D6B0A5998AF:
uid:o::::::::search (valid) <search@gnupg.test>\r:
Mon, Jan 19, 4:13 PM · vsd34, Feature Request, gpd5x, LDAP, kleopatra
timegrid added a comment to T8042: Kleopatra: Add expired/revoked information to ldap search results.

gpgme.log (vsd 3.3.4):

gpgme_log.vsd334.txt141 KBDownload

Mon, Jan 19, 4:02 PM · vsd34, Feature Request, gpd5x, LDAP, kleopatra
ikloecker renamed T8042: Kleopatra: Add expired/revoked information to ldap search results from Kleopatra: Add expired/rekoved information to ldap search results to Kleopatra: Add expired/revoked information to ldap search results.
Mon, Jan 19, 3:55 PM · vsd34, Feature Request, gpd5x, LDAP, kleopatra
timegrid added a comment to T8042: Kleopatra: Add expired/revoked information to ldap search results.

Another possibility would be to just add a revoked column (expiration date is already shown) to keep closer to the ldap schema.

Mon, Jan 19, 1:31 PM · vsd34, Feature Request, gpd5x, LDAP, kleopatra
timegrid created T8042: Kleopatra: Add expired/revoked information to ldap search results.
Mon, Jan 19, 12:04 PM · vsd34, Feature Request, gpd5x, LDAP, kleopatra

Tue, Jan 13

ebo edited projects for T7272: Kleopatra: Look up missing OpenPGP certificates for card keys, added: gpd5x (gpd-5.0.0); removed gpd5x.
Tue, Jan 13, 12:52 PM · gpd5x (gpd-5.0.0), LDAP, kleopatra

Fri, Jan 9

werner moved T7866: Allow separate LDAP keyserver for uploading from QA to WIP on the gnupg26 board.
Fri, Jan 9, 3:50 PM · gnupg22, vsd34, LDAP, Feature Request, gnupg26
timegrid added a comment to T7866: Allow separate LDAP keyserver for uploading.

The behaviour might have changed a bit because of the ldap: prefix i use now, or i have missed this case the last time:
Given some cert on the "download" server, I can find it, if dirmngr.conf contains only the "download" server, or if the "download" server is listed first:

Fri, Jan 9, 2:17 PM · gnupg22, vsd34, LDAP, Feature Request, gnupg26
werner added a comment to T7866: Allow separate LDAP keyserver for uploading.

Independent of keyserver order in dirmngr.conf, --search-keys still offers keys from the upload server, but the download fails:

Fri, Jan 9, 1:35 PM · gnupg22, vsd34, LDAP, Feature Request, gnupg26
werner added a comment to T7866: Allow separate LDAP keyserver for uploading.

For "Although the upload server is used for upload, the gpg message still displays the first keyserver" see T8025

Fri, Jan 9, 1:28 PM · gnupg22, vsd34, LDAP, Feature Request, gnupg26
werner triaged T8025: Display the correct LDAP server in gpg if the upload flag is in use. as Normal priority.
Fri, Jan 9, 1:28 PM · Bug Report, LDAP, gnupg26

Tue, Jan 6

timegrid moved T7272: Kleopatra: Look up missing OpenPGP certificates for card keys from QA to Done on the gpd5x board.

Looks good to me on gpg4win-5.0.0-beta479 @ win11.

Tue, Jan 6, 3:55 PM · gpd5x (gpd-5.0.0), LDAP, kleopatra

Dec 18 2025

ebo updated subscribers of T6299: Kleopatra: Updating key does results in "not changed" instead of "not found".

@timegrid I would not tag this ticket with LDAP, as it is not LDAP specific

Dec 18 2025, 10:20 AM · gpd5x (gpd-5.0.0), Restricted Project, kleopatra
ebo moved T6299: Kleopatra: Updating key does results in "not changed" instead of "not found" from Restricted Project Column to Restricted Project Column on the Restricted Project board.
Dec 18 2025, 10:18 AM · gpd5x (gpd-5.0.0), Restricted Project, kleopatra
ebo closed T6299: Kleopatra: Updating key does results in "not changed" instead of "not found" as Resolved.

State in Gpg4win-5.0.0-beta446 and vsd 3.3.4 is this:


So the message is "Update Failed" for keyserver and "not found" for WKD.
In light of that the ticket is this old, I'll leave it at that instead of discussing further improvements beyond this single phrase.
These would have to go in a new ticket.

Dec 18 2025, 10:18 AM · gpd5x (gpd-5.0.0), Restricted Project, kleopatra

Dec 12 2025

timegrid moved T6299: Kleopatra: Updating key does results in "not changed" instead of "not found" from Backlog to QA on the gpd5x board.
Dec 12 2025, 2:41 PM · gpd5x (gpd-5.0.0), Restricted Project, kleopatra
timegrid edited projects for T6299: Kleopatra: Updating key does results in "not changed" instead of "not found", added: gpd5x, LDAP; removed Restricted Project.
Dec 12 2025, 2:41 PM · gpd5x (gpd-5.0.0), Restricted Project, kleopatra
timegrid moved T7272: Kleopatra: Look up missing OpenPGP certificates for card keys from Backlog to QA on the gpd5x board.
Dec 12 2025, 2:18 PM · gpd5x (gpd-5.0.0), LDAP, kleopatra
timegrid edited projects for T7272: Kleopatra: Look up missing OpenPGP certificates for card keys, added: gpd5x, LDAP; removed Restricted Project.
Dec 12 2025, 2:18 PM · gpd5x (gpd-5.0.0), LDAP, kleopatra
ebo closed T5447: Add feature to delete a key from an LDAP server as Resolved.

setting this to resolved, werner already tested this

Dec 12 2025, 1:52 PM · gnupg22 (gnupg-2.2.49), vsd33 (vsd-3.3.3), gnupg26, LDAP

Nov 27 2025

timegrid changed the status of T7866: Allow separate LDAP keyserver for uploading from Testing to Open.

Tested on gpg4win-5.0.0-beta413 @ win11 with the following entries in dirmngr.conf:

Nov 27 2025, 2:04 PM · gnupg22, vsd34, LDAP, Feature Request, gnupg26

Nov 21 2025

alexk added a project to T7866: Allow separate LDAP keyserver for uploading: gnupg22.
Nov 21 2025, 4:09 PM · gnupg22, vsd34, LDAP, Feature Request, gnupg26
werner added a project to T7866: Allow separate LDAP keyserver for uploading: vsd34.
Nov 21 2025, 4:08 PM · gnupg22, vsd34, LDAP, Feature Request, gnupg26

Oct 23 2025

werner merged T7779: dirmngr: use different keyserver for sending and receiving certificates into T7866: Allow separate LDAP keyserver for uploading.
Oct 23 2025, 1:40 PM · gnupg22, vsd34, LDAP, Feature Request, gnupg26

Oct 22 2025

werner moved T7866: Allow separate LDAP keyserver for uploading from WIP to QA on the gnupg26 board.
Oct 22 2025, 2:24 PM · gnupg22, vsd34, LDAP, Feature Request, gnupg26

Oct 21 2025

werner changed the status of T7866: Allow separate LDAP keyserver for uploading from Open to Testing.

Implemented but not tested at all.

Oct 21 2025, 10:48 AM · gnupg22, vsd34, LDAP, Feature Request, gnupg26
werner triaged T7866: Allow separate LDAP keyserver for uploading as Normal priority.
Oct 21 2025, 10:42 AM · gnupg22, vsd34, LDAP, Feature Request, gnupg26

Sep 24 2025

werner moved T5447: Add feature to delete a key from an LDAP server from QA to gnupg-2.2.49 on the gnupg22 board.
Sep 24 2025, 1:24 PM · gnupg22 (gnupg-2.2.49), vsd33 (vsd-3.3.3), gnupg26, LDAP

Sep 2 2025

werner moved T7742: Extend the LDAP scheme for non-NTDS installations from WIP to QA on the gnupg26 board.
Sep 2 2025, 2:56 PM · dirmngr, LDAP, gnupg26

Aug 4 2025

werner changed the status of T7742: Extend the LDAP scheme for non-NTDS installations from Open to Testing.
Aug 4 2025, 6:13 PM · dirmngr, LDAP, gnupg26
werner added a comment to T7742: Extend the LDAP scheme for non-NTDS installations.

The advantage of using a fingerprint for referencing a key is that there won't be any collisions in the keyid. Further this unifies the schema with an LDS (Windows) installation where DNs must anyway be unique. But take care the client needs to support this new flag. This will be the case for gnupg >= 2.5.12 (cf. T7756)

Aug 4 2025, 6:05 PM · dirmngr, LDAP, gnupg26
werner removed a project from T5447: Add feature to delete a key from an LDAP server: Restricted Project.
Aug 4 2025, 12:10 PM · gnupg22 (gnupg-2.2.49), vsd33 (vsd-3.3.3), gnupg26, LDAP
werner moved T5447: Add feature to delete a key from an LDAP server from QA to Done on the gnupg26 board.
Aug 4 2025, 12:10 PM · gnupg22 (gnupg-2.2.49), vsd33 (vsd-3.3.3), gnupg26, LDAP