Direct LDAP access

David Shaw dshaw at
Wed Jul 13 00:23:26 CEST 2005

On Tue, Jul 12, 2005 at 10:31:48AM -0500, Wes wrote:
> I hope this isn't a duplicate question.  I can't believe it hasn't come up
> before, but I searched the 70MB archive file and found nothing.
> I tweaked (contorted?) our LDAP server to respond to PGP/GPG key retrieval
> requests.  However, it appears that GPG can only access the key server for
> the purposes of importing a key into (or exporting from) a key ring.  I can
> find no way to get GPG to encrypt or decrypt using direct queries to the
> directory instead of using a disk file key chain.

A very easy way to do this is to write your code to "import" the key
from the LDAP server into a brand new empty keyring, and then delete
it afterwards.

> We need to be able to do encryption and decryption with GPG directly
> accessing LDAP to get the keys.  Additionally, since the directory is
> hierarchical and a given key could occur in multiple subtrees, we need to be
> able to specify the searchbase instead of relying on the cn=PGPServerInfo
> entry.

The current LDAP code can specify the base.  Use something like
  keyserver-options basedn=whatever-you-like


More information about the Gnupg-users mailing list