Chapter 5. Configuring Kleopatra

Kleopatra's configure dialog can be accessed via Settings → Configure Kleopatra...

Each of its pages is described in the sections below.

Configuring Directory Services

On this page, you can configure which LDAP servers to use for S/MIME certificate searches, and which key servers to use for OpenPGP certificate searches.

Note

This is simply a more user-friendly version of the same settings you also find in the section called “Configuring the GnuPG System”. Everything you can configure here, you can configure there, too.

A Note On Proxy Settings

Proxy settings can be configured for HTTP and LDAP in the section called “Configuring aspects of S/MIME Validation”, but only for GpgSM. For GPG, due to the complexity of keyserver options in GPG and the lack of proper support for them in GpgConf, you currently need to modify the config file gpg.conf directly. Please refer to the GPG manual for details. Kleopatra will preserve such settings, but does not yet allow you to modify them in the GUI.

The Directory services table shows which servers are currently configured. Double-click on a cell in the table to change parameters of existing server entries.

The meaning of the columns in the table is as follows:

Scheme

Determines the network protocol used to access the server. Often-used schemes include ldap (and its SSL-secured sibling ldaps) for LDAP servers (the common protocol for S/MIME, and the only one supported by GpgSM), and hkp, the Horowitz Keyserver Protocol, nowadays usually called HTTP Keyserver Protocol, an HTTP-based protocol that virtually all public OpenPGP keyservers support.

Please refer to the GPG and GpgSM manuals for a list of supported schemes.

Server Name

The domain name of the server, e.g. keys.gnupg.net.

Server Port

The network port the server is listening on.

This changes automatically to the default port when you change the Scheme, unless it was set to some non-standard port to begin with. If you changed the default port and cannot get it back, try setting Scheme to http and Server Port to 80 (the default for HTTP), then take it from there.

Base DN

The Base-DN (only for LDAP and LDAPS), i.e. the root of the LDAP hierarchy to start from. This is often also called search root or search base.

It usually looks like c=de,o=Foo, given as part of the LDAP URL.

User Name

The user name, if any, to use for logging into the server.

This column is only shown if the option Show user and password information (below the table) is checked.

Password

The password, if any, to use for logging into the server.

This column is only shown if the option Show user and password information (below the table) is checked.

X.509

Check this column if this entry should be used for X.509 (S/MIME) certificate searches.

Only LDAP (and LDAPS) servers are supported for S/MIME.

OpenPGP

Check this column if this entry should be used for OpenPGP certificate searches.

You can configure as many S/MIME (X.509) servers as you want, but only one OpenPGP server is allowed at any time. The GUI will enforce this.
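The column rules above can be checked mechanically over a server list. The following is an added example, not part of the Kleopatra handbook or its code; writing each entry as a URL, the example.org host names, and the hkps scheme with port 443 are assumptions that do not come from this page.

```python
from urllib.parse import urlsplit, unquote

# Default ports per scheme; hkps/443 is an assumption, it is not named on this page.
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636, "hkp": 11371, "hkps": 443, "http": 80}
LDAP_SCHEMES = {"ldap", "ldaps"}
ENCRYPTED = {"ldaps", "hkps"}

def parse_entry(url, x509=False, openpgp=False):
    """Split a directory-service URL into the columns of the table."""
    u = urlsplit(url)
    scheme = u.scheme.lower()
    return {
        "scheme": scheme,
        "server": u.hostname,
        "port": u.port or DEFAULT_PORTS.get(scheme),
        "base_dn": unquote(u.path.lstrip("/")),
        "user": u.username, "password": u.password,
        "x509": x509, "openpgp": openpgp,
    }

def audit(entries):
    """Return (server, finding) pairs for entries that break the table's rules."""
    findings = []
    for e in entries:
        ldap = e["scheme"] in LDAP_SCHEMES
        if e["x509"] and not ldap:
            findings.append((e["server"], "X.509 search needs ldap or ldaps"))
        if e["base_dn"] and not ldap:
            findings.append((e["server"], "Base DN only applies to LDAP"))
        if e["password"] and e["scheme"] not in ENCRYPTED:
            findings.append((e["server"], "password set for a scheme without TLS"))
        if e["port"] != DEFAULT_PORTS.get(e["scheme"]):
            findings.append((e["server"], "non-standard port for this scheme"))
    if sum(e["openpgp"] for e in entries) > 1:
        findings.append((None, "more than one OpenPGP server"))
    return findings

# Constructed sample entries; host names and credentials are placeholders.
SAMPLE = [
    parse_entry("ldaps://ldap.example.org/c=de,o=Foo", x509=True),
    parse_entry("ldap://reader:secret@dir.example.org:3389/c=de,o=Foo", x509=True),
    parse_entry("hkp://keys.example.org", openpgp=True),
    parse_entry("hkp://keys2.example.org/o=Foo", x509=True, openpgp=True),
]

if __name__ == "__main__":
    for server, finding in audit(SAMPLE):
        print(server or "(table)", "-", finding)
```

The first and third sample entries pass cleanly; the second is flagged for its credentials and port, the fourth for being an hkp entry marked for X.509 with a Base DN, and the list as a whole for having two OpenPGP servers.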

To add a new server, click on the New button. This duplicates the selected entry, if any, or else inserts a default OpenPGP server. Then you can set the Server Name, the Server Port, the Base DN, and the usual Password and User Name, both of which are only needed if the server requires authentication.

To directly insert an entry for X.509 certificates, use New → X.509; use New → OpenPGP for OpenPGP.

To remove a server from the search list, select it in the list, then press the Delete button.

To set the LDAP timeout, i.e. the maximum time the backend will wait for a server to respond, simply use the corresponding input field labeled LDAP timeout (minutes:seconds).

If one of your servers has a large database, so that even reasonable searches like Smith hit the maximum number of items returned by query, you might want to increase this limit. You can find out easily if you hit the limit during a search, since a dialog box will pop up in that case, telling you that the results have been truncated.

Note

Some servers may impose their own limits on the number of items returned from a query. In this case, increasing the limit here will not result in more returned items.