mirror of git://git.gnupg.org/gnupg.git
Werner Koch
parent
8de9d54ac8
commit
7c4b0eda74
|
|
@ -334,25 +334,40 @@ If no keyserver is explicitly configured, dirmngr will use the
|
||||||
built-in default of @code{hkps://hkps.pool.sks-keyservers.net}.
|
built-in default of @code{hkps://hkps.pool.sks-keyservers.net}.
|
||||||
|
|
||||||
Windows users with a keyserver running on their Active Directory
|
Windows users with a keyserver running on their Active Directory
|
||||||
should use @code{ldap:///} for @var{name} to access this directory.
|
may use the short form @code{ldap:///} for @var{name} to access this directory.
|
||||||
As an alternative it is also possible to add @code{gpgNtds=1} as
|
|
||||||
extension (i.e. after the fourth question mark).
|
|
||||||
|
|
||||||
For accessing anonymous LDAP keyservers @var{name} is in general just
|
For accessing anonymous LDAP keyservers @var{name} is in general just
|
||||||
a @code{ldaps://ldap.example.com}. A BaseDN parameter should never be
|
a @code{ldaps://ldap.example.com}. A BaseDN parameter should never be
|
||||||
specified. If authentication is required the value of @var{name} is
|
specified. If authentication is required things are more complicated
|
||||||
for example:
|
and two methods are available:
|
||||||
|
|
||||||
|
The modern method (since version 2.2.28) is to use the very same syntax
|
||||||
|
as used with the option @option{--ldapserver}. Please see over
|
||||||
|
there for details; here is an example:
|
||||||
|
|
||||||
|
@example
|
||||||
|
keyserver ldap:ldap.example.com::uid=USERNAME,ou=GnuPG Users,
|
||||||
|
dc=example,dc=com:PASSWORD::starttls
|
||||||
|
@end example
|
||||||
|
|
||||||
|
The other method is to use a full URL for @var{name}; for example:
|
||||||
|
|
||||||
@example
|
@example
|
||||||
keyserver ldaps://ldap.example.com/????bindname=uid=USERNAME
|
keyserver ldaps://ldap.example.com/????bindname=uid=USERNAME
|
||||||
%2Cou=GnuPG%20Users%2Cdc=example%2Cdc=com,password=PASSWORD
|
%2Cou=GnuPG%20Users%2Cdc=example%2Cdc=com,password=PASSWORD
|
||||||
@end example
|
@end example
|
||||||
|
|
||||||
Put this all on one line without any spaces and keep the '%2C' as given.
|
Put this all on one line without any spaces and keep the '%2C'
|
||||||
Replace USERNAME, PASSWORD, and the 'dc' parts according to the
|
as given. Replace USERNAME, PASSWORD, and the 'dc' parts
|
||||||
instructions received from the LDAP administrator. Note that only
|
according to the instructions received from your LDAP
|
||||||
simple authentication (i.e. cleartext passwords) is supported and thus
|
administrator. Note that only simple authentication
|
||||||
using ldaps is strongly suggested.
|
(i.e. cleartext passwords) is supported and thus using ldaps is
|
||||||
|
strongly suggested (since 2.2.28 "ldaps" defaults to port 389
|
||||||
|
and uses STARTTLS). On Windows authentication via AD can be
|
||||||
|
requested by adding @code{gpgNtds=1} after the fourth question
|
||||||
|
mark instead of the bindname and password parameter.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@item --nameserver @var{ipaddr}
|
@item --nameserver @var{ipaddr}
|
||||||
@opindex nameserver
|
@opindex nameserver
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue