author: Werner Koch <wk@gnupg.org> 2020-12-21 15:07:32 +0100
committer: Werner Koch <wk@gnupg.org> 2020-12-21 16:06:16 +0100
commit: e0cbb97925a109fee7c0a7450bcac120f2766ed2
tree: c82bc3a48d226ed10728a57bfb7d278a42f7867c
parent: 355e2992c043dd3241a9e838255f01418490ef33
doc: Explain LDAP keyserver parameters
-rw-r--r-- doc/dirmngr.texi 21
1 files changed, 20 insertions, 1 deletions
diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi
index 05fa099e0..33a84244c 100644
--- a/doc/dirmngr.texi
+++ b/doc/dirmngr.texi
@@ -328,7 +328,26 @@ whether Tor is locally running or not. The check for a running Tor is
done for each new connection.
If no keyserver is explicitly configured, dirmngr will use the
-built-in default of hkps://hkps.pool.sks-keyservers.net.
+built-in default of @code{hkps://hkps.pool.sks-keyservers.net}.
+
+Windows users with a keyserver running on their Active Directory
+should use @code{ldap:///} for @var{name} to access this directory.
+
+For accessing anonymous LDAP keyservers @var{name} is in general just
+a @code{ldaps://ldap.example.com}. A BaseDN parameter should never be
+specified. If authentication is required the value of @var{name} is
+for example:
+
+@example
+ keyserver ldaps://ldap.example.com/????bindname=uid=USERNAME
+ %2Cou=GnuPG%20Users%2Cdc=example%2Cdc=com,password=PASSWORD
+@end example
+
+ Put this all on one line without any spaces and keep the '%2C' as given.
+ Replace USERNAME, PASSWORD, and the 'dc' parts according to the
+ instructions received from the LDAP administrator. Note that only
+ simple authentication (i.e. cleartext passwords) is supported and thus
+ using ldaps is strongly suggested.
@item --nameserver @var{ipaddr}
@opindex nameserver
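Review bot: In the paragraph added after the @example block ("Put this all on one line without any spaces and keep the '%2C' as given"), the text says to keep the percent-escaped commas of the bind DN but not what to do when USERNAME or PASSWORD themselves contain a comma, a space or a '%'. Since the example separates bindname=... from password=... with a literal comma, please state whether such characters must also be percent-escaped in the substituted values. Because the password is written in cleartext into the keyserver line, a sentence on restricting read access to wherever that line is stored would fit next to the existing ldaps recommendation. Two smaller points: "A BaseDN parameter should never be specified" gives no reason, and the paragraph after @end example is indented by one space and uses plain quotes for '%2C' and 'dc' where the rest of the hunk uses @code{...}.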