2 files changed, 23 insertions, 14 deletions

diff --git a/dirmngr/ks-engine-ldap.c b/dirmngr/ks-engine-ldap.c
index bd6f8d5c5..daf8e133a 100644
--- a/dirmngr/ks-engine-ldap.c
+++ b/dirmngr/ks-engine-ldap.c
@@ -521,18 +521,12 @@ my_ldap_connect (parsed_uri_t uri, LDAP **ldap_connp,
 #endif
     }
 
-  if (uri->ad_current)
-    ldap_conn = ldap_init (NULL, uri->port);
-  else
-    ldap_conn = ldap_init (uri->host, uri->port);
+  ldap_conn = ldap_init (uri->host, uri->port);
   if (!ldap_conn)
     {
       err = gpg_err_code_from_syserror ();
-      if (uri->ad_current)
-        log_error ("error initializing LDAP for current user\n");
-      else
-        log_error ("error initializing LDAP for (%s://%s:%d)\n",
-                   uri->scheme, uri->host, uri->port);
+      log_error ("error initializing LDAP for (%s://%s:%d)\n",
+                 uri->scheme, uri->host, uri->port);
       goto out;
     }
 
@@ -613,15 +607,16 @@ my_ldap_connect (parsed_uri_t uri, LDAP **ldap_connp,
       npth_unprotect ();
       err = ldap_bind_s (ldap_conn, NULL, NULL, LDAP_AUTH_NEGOTIATE);
       npth_protect ();
-#else
-      err = gpg_error (GPG_ERR_NOT_SUPPORTED);
-#endif
       if (err != LDAP_SUCCESS)
 	{
 	  log_error ("error binding to LDAP via AD: %s\n",
                      ldap_err2string (err));
 	  goto out;
 	}
+#else
+      err = gpg_error (GPG_ERR_NOT_SUPPORTED);
+      goto out;
+#endif
     }
   else if (uri->auth)
     {
diff --git a/dirmngr/ldap-parse-uri.c b/dirmngr/ldap-parse-uri.c
index 86f6ce032..c36763eee 100644
--- a/dirmngr/ldap-parse-uri.c
+++ b/dirmngr/ldap-parse-uri.c
@@ -74,6 +74,7 @@ ldap_parse_uri (parsed_uri_t *purip, const char *uri)
   char *dn = NULL;
   char *bindname = NULL;
   char *password = NULL;
+  char *gpg_ntds = NULL;
 
   char **s;
 
@@ -110,6 +111,15 @@ ldap_parse_uri (parsed_uri_t *purip, const char *uri)
 	  else
 	    password = *s + 9;
 	}
+      else if (!ascii_strncasecmp (*s, "gpgNtds=", 8)
+              || !strncmp (*s, "1.3.6.1.4.1.11591.2.5.1=", 24))
+	{
+	  if (gpg_ntds)
+	    log_error ("gpgNtds given multiple times in URL '%s', ignoring.\n",
+		       uri);
+	  else
+	    gpg_ntds = *s + (**s == 'g'? 8 : 24);
+	}
       else
 	log_error ("Unhandled extension (%s) in URL '%s', ignoring.",
 		   *s, uri);
@@ -170,10 +180,14 @@ ldap_parse_uri (parsed_uri_t *purip, const char *uri)
   puri->port = lud->lud_port;
 
   /* On Windows detect whether this is ldap:// or ldaps:// to indicate
-   * that authentication via AD and the current user is requested.  */
+   * that authentication via AD and the current user is requested.
+   * This is shortform of adding "gpgNtDs=1" as extension parameter to
+   * the URL.  */
   puri->ad_current = 0;
+  if (gpg_ntds && atoi (gpg_ntds) == 1)
+    puri->ad_current = 1;
 #ifdef HAVE_W32_SYSTEM
-  if ((!puri->host || !*puri->host)
+  else if ((!puri->host || !*puri->host)
       && (!puri->path || !*puri->path)
       && (!puri->auth || !*puri->auth)
       && !password