When trying to import CRLs using gpgsm --call-dirmngr loadcrl and with debug as guru, it reports using attr cACertificate when querying LDAP. This does not work against Microsoft Active Directory, which uses usercertificate as the attr. Reviewing the code, it supports either attr type (in dirmngr/ldap.c) but for the call to start_default_fetch_ldap() from dirmngr/crlfetch.c, which has hardcoded cACertificate as part of the call. I am working with version 2.1.18 of dirmngr. Can this be fixed to support either a flag or an additional LDAP query to know what type of code to use automatically?
We need to extend dirmngr_ldap.c to take a list of attributes to return. We already have the --multi option, which returns all attributes for later filtering by the caller, but the specified attr is also used and thus dirmngr's start_cacert_fetch_ldap() returns only the requested caCertificate.