Things we might want to do                              -*- outline -*-

* Map LDAP error codes

* Optimize lookup
** Use the most likely server first.
   This is the server where a baseDN has been given and that baseDN is
   contained in the search pattern.

* name subordination (nameRelativeToCRLIssuer) 
   is not yet supported by Dirmngr.

* CRL DP URI
  The CRL DP shall use an URI for LDAP without a host name.  The host
  name shall be looked by using the DN in the URI.  We don't implement
  this yet.  Solution is to have a mapping DN->host in our ldapservers
  configuration file.

* crlcache.c
  We use a simple approach to get the CRL issuing certificate.  We
  might want to enhance it in case no authorityKeyIdentifier is
  available to try all available matching certificates with the given
  DN. OTOH, rfc3280 requires the use of authorityKeyIdentifier if
  different signing keys are used.




