dirmngr: Support new gpgNtds parameter in LDAP keyserver URLs.

* dirmngr/ldap-parse-uri.c (ldap_parse_uri): Support a new gpgNtds
extension.
* dirmngr/ks-engine-ldap.c (my_ldap_connect): Do ldap_init always with
hostname - which is NULL and thus the same if not given.  Fix minor
error in error code handling.
--

Note that "gpgNtds" is per RFC-4512 case insensitive and has not yet
been officially regisetered.  Thus for correctness the OID can be
used:

  1.3.6.1.4.1.11591.2.5          LDAP URL extensions
  1.3.6.1.4.1.11591.2.5.1          gpgNtds=1 (auth. with current user)

Note that the value must be 1; all other values won't enable AD
authentication and are resevered for future use.

This has been cherry-picked from the 2.2 branch,
commit 55f46b33df

Signed-off-by: Werner Koch <wk@gnupg.org>

doc/DETAILS

@@ -541,7 +541,7 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
     Mark the start of the actual decryption process.  This is also
     emitted when in --list-only mode.
 *** END_DECRYPTION
-    Mark the end of the actual decryption process.  This are also
+    Mark the end of the actual decryption process.  This is also
     emitted when in --list-only mode.
 *** DECRYPTION_KEY <fpr> <fpr2> <otrust>
     This line is emitted when a public key decryption succeeded in
@@ -1167,6 +1167,11 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
     These were used for the ancient shared memory based co-processing.
 *** BEGIN_STREAM, END_STREAM
     Used to issued by the experimental pipemode.
+*** GOODMDC
+    This is not anymore needed. Checking the DECRYPTION_OKAY status is
+    sufficient.
+*** BADMDC
+    This is not anymore needed.
 
 ** Inter-component codes
    Status codes are also used between the components of the GnuPG
@@ -1555,6 +1560,8 @@ Status codes are:
   1.3.6.1.4.1.11591.2.4.1.2          gpgSubFingerprint attribute
   1.3.6.1.4.1.11591.2.4.1.3          gpgMailbox attribute
   1.3.6.1.4.1.11591.2.4.1.4          gpgSubCertID attribute
+  1.3.6.1.4.1.11591.2.5          LDAP URL extensions
+  1.3.6.1.4.1.11591.2.5.1          gpgNtds=1 (auth. with current AD user)
   1.3.6.1.4.1.11591.2.12242973   invalid encoded OID
 #+end_example
 

doc/dirmngr.texi

@@ -332,6 +332,8 @@ built-in default of @code{hkps://hkps.pool.sks-keyservers.net}.
 
 Windows users with a keyserver running on their Active Directory
 should use @code{ldap:///} for @var{name} to access this directory.
+As an alternative it is also possible to add @code{gpgNtds=1} as
+extension (i.e. after the fourth question mark).
 
 For accessing anonymous LDAP keyservers @var{name} is in general just
 a @code{ldaps://ldap.example.com}.  A BaseDN parameter should never be

doc/gpg.texi

@@ -1911,13 +1911,13 @@ Use @var{name} as your keyserver. This is the server that
 will communicate with to receive keys from, send keys to, and search for
 keys on. The format of the @var{name} is a URI:
 `scheme:[//]keyservername[:port]' The scheme is the type of keyserver:
-"hkp" for the HTTP (or compatible) keyservers, "ldap" for the LDAP
-keyservers, or "mailto" for the Graff email keyserver. Note that your
-particular installation of GnuPG may have other keyserver types
-available as well. Keyserver schemes are case-insensitive. After the
-keyserver name, optional keyserver configuration options may be
-provided. These are the same as the global @option{--keyserver-options}
-from below, but apply only to this particular keyserver.
+"hkp"/"hkps" for the HTTP (or compatible) keyservers or "ldap"/"ldaps"
+for the LDAP keyservers.  Note that your particular installation of
+GnuPG may have other keyserver types available as well. Keyserver
+schemes are case-insensitive. After the keyserver name, optional
+keyserver configuration options may be provided. These are the same as
+the global @option{--keyserver-options} from below, but apply only to
+this particular keyserver.
 
 Most keyservers synchronize with each other, so there is generally no
 need to send keys to more than one server. The keyserver