Help setting gpgsm to do LDAP lookup

Werner Koch wk at
Mon May 18 08:53:55 CEST 2020

On Sat, 16 May 2020 23:24, John Scott said:

> Looking up recipients with both dirmngr-client and
>     gpgsm --verbose --list-external-keys [recipient]
> are fruitless whether I drop the ads\ from my username or not. I've bumped the 
> ldaptimeout to 25. Still both commands finish instantaneously—not unlike 

I just did a quick test using using,c=DE:ldap

which works as expected.  It has no username and password, though.
To better debug this you should add

--8<---------------cut here---------------start------------->8---
log-file socket://
debug ipc,lookup,extprog
--8<---------------cut here---------------end--------------->8---

(if you are not using watchgnupg, replace socket:// by a regular file name)

This gives more specific debug output. (BTW, "dirmngr --debug help" shows
all debug options).  Instead of using gpgsm it is often easier to use

  $ gpg-connect-agent --dirmngr
  > /hex
  > lookup Werner
  D[0000]  30 82 05 AF 30 82 04 97  A0 03 02 01 02 02 0C 1D   0...0...........
  D[0010]  B0 E4 78 EA 1D 5C 64 E5  03 8C 9E 30 25 30 44 06   ..x..\d....0%0D.

Look at the log file while running these commands; hopefully you see an
error message.



Thoughts are free.  Exceptions are regulated by a federal law.
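
An added example, not part of the original message and not GnuPG code: it reassembles the `D[offset]` lines of a `/hex` session like the one quoted above and reads the first DER fields, so you can tell whether the lookup returned a whole certificate and which one. It assumes the reply is a DER-encoded X.509 certificate (as the leading `30 82` suggests) and that the line layout matches the two quoted lines; all function names are hypothetical.

```python
import re

# Constructed sample: the two data lines quoted in the message above. The
# quote stops there, so far fewer bytes are present than the DER length claims.
SESSION = r"""
D[0000]  30 82 05 AF 30 82 04 97  A0 03 02 01 02 02 0C 1D   0...0...........
D[0010]  B0 E4 78 EA 1D 5C 64 E5  03 8C 9E 30 25 30 44 06   ..x..\d....0%0D.
"""

# Assumed layout: "D[hex offset]", then up to 16 hex pairs, then an ASCII column.
LINE = re.compile(r"^\s*D\[([0-9A-Fa-f]{4})\]\s+((?:[0-9A-Fa-f]{2}\s+){1,16})")

def reassemble(session):
    """Join the hex columns of all D[offset] lines, checking the offsets."""
    data = bytearray()
    for line in session.splitlines():
        m = LINE.match(line + " ")  # trailing space so a bare hex line matches
        if not m:
            continue  # prompts, status lines, blank lines
        if int(m.group(1), 16) != len(data):
            raise ValueError("gap in dump at offset " + m.group(1))
        data += bytes.fromhex(m.group(2))
    return bytes(data)

def read_tlv(buf, pos):
    """Return (tag, length, value_offset) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("dump ends inside a DER header")
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:                      # short-form length
        return tag, first, pos + 2
    n = first & 0x7F                      # long form: n length octets follow
    return tag, int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), pos + 2 + n

def summarize(session):
    data = reassemble(session)
    tag, cert_len, p = read_tlv(data, 0)          # Certificate ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("reply does not start with a DER SEQUENCE")
    expected = p + cert_len                       # header plus declared body
    _, _tbs_len, p = read_tlv(data, p)            # tbsCertificate
    tag, n, q = read_tlv(data, p)
    version = 1                                   # default when [0] is absent
    if tag == 0xA0:                               # [0] EXPLICIT version
        version, p = data[q + 2] + 1, q + n
        tag, n, q = read_tlv(data, p)
    if tag != 0x02:
        raise ValueError("serialNumber INTEGER not found")
    return {"received": len(data), "expected": expected,
            "complete": len(data) >= expected, "version": version,
            "serial": data[q:q + n].hex().upper()}
```

On the quoted excerpt `complete` is false because only the first 32 bytes were pasted; on a full session it shows whether dirmngr delivered the entire certificate.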