Patch attached, related to https://dev.gnupg.org/T6047
Description copied below:
* dirmngr/ks-engine-ldap.c
(interrogate_ldap_dn): refactored out of my_ldap_connect
(my_ldap_connect): interrogate LDAP server when basedn specified
--
This patch implements the first proposed solution in bug 6047. Using
the old logic, if a base DN is specified in dirmngr, then dirmngr would
force usage of schema version 1 instead of checking if the LDAP server
is capable of version 2. With the new functionality, dirmngr will first
check if the provided base DN has a `cn=PGPServerInfo` as a direct
descendant. If the PGPServerInfo entry is not found immediately, it
then does a search again in the parent DN. The second search is useful
for backwards compatibility since any users that had specified a base
DN likely were pointing directly to the pgp keyspace DN, which is
commonly a sibling of PGPServerInfo.
Note that dirmngr does not seem to update/replace LDAP entries, so if a
user wants to update their keys from schema V1 to V2, they will need to
manually delete the entry before re-sending the keys.
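To make the lookup order in the description concrete, here is a stand-alone C sketch of it. This is an added illustration, not code from the attached patch or from dirmngr: the in-memory directory contents, the function names (parent_dn, probe_server_info), and the case-insensitive DN comparison are assumptions made for the example, and real libldap searches are replaced by lookups in a constructed table. The one detail worth showing beyond the description is that walking up to the parent DN has to respect RFC 4514 backslash escapes, otherwise a base DN whose RDN value contains an escaped comma is split in the wrong place.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample directory (not a real server): the DNs that exist. */
static const char *const DIRECTORY[] = {
    "o=example",
    "cn=PGPServerInfo,o=example",
    "ou=PGP Keyspace,o=example",               /* keyspace, sibling of PGPServerInfo */
    "cn=PGPServerInfo,ou=keys\\, v2,o=acme",  /* escaped comma inside an RDN value */
    "ou=pgp,ou=keys\\, v2,o=acme",
};

/* Simulated base-object search: does DN exist?  Real DN matching is
 * matching-rule aware per attribute; a plain case-insensitive compare is
 * an assumption that is good enough for this illustration. */
static int dn_exists(const char *dn)
{
    size_t i;
    for (i = 0; i < sizeof DIRECTORY / sizeof DIRECTORY[0]; i++) {
        const char *a = DIRECTORY[i], *b = dn;
        while (*a && *b && tolower((unsigned char)*a) == tolower((unsigned char)*b))
            a++, b++;
        if (!*a && !*b)
            return 1;
    }
    return 0;
}

/* Write the parent of DN (DN minus its leading RDN) into OUT.  Honours
 * backslash escapes (RFC 4514) so "ou=keys\, v2,o=acme" is not split at
 * the escaped comma.  Returns 0 when DN has no parent or OUT is too small. */
static int parent_dn(const char *dn, char *out, size_t outlen)
{
    const char *p = dn;
    while (*p && *p != ',') {
        if (*p == '\\' && p[1])
            p++;            /* skip the escaped character as well */
        p++;
    }
    if (*p != ',')
        return 0;
    p++;
    while (*p == ' ')
        p++;
    if (!*p || strlen(p) + 1 > outlen)
        return 0;
    strcpy(out, p);
    return 1;
}

/* Lookup order from the patch description: cn=PGPServerInfo directly under
 * BASEDN first, then directly under BASEDN's parent (covers old configs that
 * pointed at the keyspace DN).  FOUND receives the matching DN, or "" if none.
 * Returns the schema version to use: 2 when PGPServerInfo was located,
 * otherwise 1, i.e. the behaviour the old logic always forced. */
static int probe_server_info(const char *basedn, char *found, size_t foundlen)
{
    char candidate[512], parent[512];
    const char *bases[2] = { basedn, NULL };
    int i;

    if (parent_dn(basedn, parent, sizeof parent))
        bases[1] = parent;

    for (i = 0; i < 2 && bases[i]; i++) {
        snprintf(candidate, sizeof candidate, "cn=PGPServerInfo,%s", bases[i]);
        if (dn_exists(candidate)) {
            if (found && foundlen)
                snprintf(found, foundlen, "%s", candidate);
            return 2;
        }
    }
    if (found && foundlen)
        found[0] = '\0';
    return 1;
}

int main(void)
{
    const char *bases[] = { "o=example", "ou=PGP Keyspace,o=example",
                            "ou=pgp,ou=keys\\, v2,o=acme", "ou=nothing,o=nowhere" };
    char where[512];
    size_t i;
    for (i = 0; i < sizeof bases / sizeof bases[0]; i++) {
        int v = probe_server_info(bases[i], where, sizeof where);
        printf("%-30s -> schema v%d %s\n", bases[i], v,
               v == 2 ? where : "(no PGPServerInfo found)");
    }
    return 0;
}
```

The second and third base DNs only resolve through the parent search, which is the backwards-compatibility case the description mentions; the last one falls back to version 1.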