searching for a key with gpg ldap

'David Shaw' dshaw at
Thu Jun 15 14:12:52 CEST 2006

On Thu, Jun 15, 2006 at 12:14:22PM +0200, Ralf Hauser wrote:
> Hi,
> Leaving the TLS/SSL problem from the previous mail aside, with
> gpg.1.4.3 --keyserver ldap://localhost:2389 --keyserver-options 'binddn="dn=micky"' --keyserver-options "debug=5" --keyserver-options bindpw=mouse --search-keys Test
> on windows, a nice "bind" succeeds and the serverInfo is queried with success.
> But then gpg presents:
>    filter : '(pgpdisabled=0)
> all others (e.g., however ask for
>    filter: (pgpUserID=*test*)
> Looking at the below 1.4.2. debug output, it appears that the first half of the query 
>    "(&(pgpuserid=*Test*)(pgpdisabled=0))"
> Never reaches my ldap server (

This is a misunderstanding of what the logs are saying.  The LDAP
library is doing a logical AND between (pgpuserid=*Test*) and
(pgpdisabled=0).  You just don't have any records that have
pgpDisabled being equal to 0.

The pgpDisabled field is part of the PGP LDAP schema.  Are you using
this schema?  If not, you're likely to hit many other compatibility
problems like this.

> Somehow "pgpdisabled=0" to me looks like "dear server, give me all
> keys you don't consider as disabled"?

Yes.  That's exactly what it means.  If you want to include all (even
disabled) keys, then use:

  keyserver-options include-disabled


More information about the Gnupg-users mailing list