From e0cbb97925a109fee7c0a7450bcac120f2766ed2 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Mon, 21 Dec 2020 15:07:32 +0100 Subject: [PATCH] doc: Explain LDAP keyserver parameters --- doc/dirmngr.texi | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/doc/dirmngr.texi b/doc/dirmngr.texi index 05fa099e0..33a84244c 100644 --- a/doc/dirmngr.texi +++ b/doc/dirmngr.texi @@ -328,7 +328,26 @@ whether Tor is locally running or not. The check for a running Tor is done for each new connection. If no keyserver is explicitly configured, dirmngr will use the -built-in default of hkps://hkps.pool.sks-keyservers.net. +built-in default of @code{hkps://hkps.pool.sks-keyservers.net}. + +Windows users with a keyserver running on their Active Directory +should use @code{ldap:///} for @var{name} to access this directory. + +For accessing anonymous LDAP keyservers @var{name} is in general just +a @code{ldaps://ldap.example.com}. A BaseDN parameter should never be +specified. If authentication is required the value of @var{name} is +for example: + +@example + keyserver ldaps://ldap.example.com/????bindname=uid=USERNAME + %2Cou=GnuPG%20Users%2Cdc=example%2Cdc=com,password=PASSWORD +@end example + + Put this all on one line without any spaces and keep the '%2C' as given. + Replace USERNAME, PASSWORD, and the 'dc' parts according to the + instructions received from the LDAP administrator. Note that only + simple authentication (i.e. cleartext passwords) is supported and thus + using ldaps is strongly suggested. @item --nameserver @var{ipaddr} @opindex nameserver