gpg: Implement the LDAP AKL method.

* g10/keyserver.c (keyserver_import_mbox): Add arg flags and change callers. (keyserver_import_ldap): Remove. It has always returned a not implemented error since 2.1. * g10/getkey.c (get_pubkey_byname): Repurpose LDAP to do basically the same as KEYSERVER. -- The old LDAP mechanism to locate a server via SRV records has long been gone (since 2014) due to the dropping of the keyserver helpers. The new purpose better reflects reality and can be used in environments where keys are provided by an in-house LDAP server.
2025-07-03 22:56:33 +02:00 · 2024-06-04 18:02:02 +02:00 · 2024-06-04 18:02:02 +02:00 · 068ebb6f1e
commit 068ebb6f1e
parent 04ce6765f4
6 changed files with 34 additions and 102 deletions
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@ -2006,15 +2006,15 @@ list.  The default is "local,wkd".
  Locate a key using the Web Key Directory protocol.

  @item ldap
-  Using DNS Service Discovery, check the domain in question for any LDAP
-  keyservers to use.  If this fails, attempt to locate the key using the
-  PGP Universal method of checking @samp{ldap://keys.(thedomain)}.
+  Locate the key using the configured LDAP servers.  This method is
+  similar to the @code{keyserver} mechanism but always uses only LDAP
+  servers.

  @item ntds
  Locate the key using the Active Directory (Windows only).  This
  method also allows one to search by fingerprint using the command
  @option{--locate-external-key}.  Note that this mechanism is
-  actually a shortcut for the mechanism @samp{keyserver} but using
+  actually a shortcut for the mechanism @samp{ldap} using only
  "ldap:///" as the keyserver.

  @item keyserver