diff --git a/dirmngr/crlfetch.c b/dirmngr/crlfetch.c index 7da3d8b6e..c8091f6f6 100644 --- a/dirmngr/crlfetch.c +++ b/dirmngr/crlfetch.c @@ -302,7 +302,7 @@ ca_cert_fetch (ctrl_t ctrl, cert_fetch_context_t *context, const char *dn) return gpg_error (GPG_ERR_NOT_SUPPORTED); } #if USE_LDAP - return start_default_fetch_ldap (ctrl, context, dn, "cACertificate"); + return start_cacert_fetch_ldap (ctrl, context, dn); #else (void)ctrl; (void)context; diff --git a/dirmngr/crlfetch.h b/dirmngr/crlfetch.h index cf4a3c0aa..3822adb54 100644 --- a/dirmngr/crlfetch.h +++ b/dirmngr/crlfetch.h @@ -69,9 +69,9 @@ gpg_error_t attr_fetch_ldap (ctrl_t ctrl, ksba_reader_t *reader); -gpg_error_t start_default_fetch_ldap (ctrl_t ctrl, - cert_fetch_context_t *context, - const char *dn, const char *attr); +gpg_error_t start_cacert_fetch_ldap (ctrl_t ctrl, + cert_fetch_context_t *context, + const char *dn); gpg_error_t start_cert_fetch_ldap( ctrl_t ctrl, cert_fetch_context_t *context, strlist_t patterns, diff --git a/dirmngr/ldap.c b/dirmngr/ldap.c index a9913cbe7..ffe54bade 100644 --- a/dirmngr/ldap.c +++ b/dirmngr/ldap.c 
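Review bot: The `start_cacert_fetch_ldap` prototype in crlfetch.h still names the output parameter `context`, while this commit renames it to `r_context` in the ldap.c definition. The `start_cert_fetch_ldap` prototype just below it has the same mismatch after this commit. Using `cert_fetch_context_t *r_context,` in both prototypes would keep the output-parameter convention visible to callers who read only the header. The header also carries no comment in the visible lines saying that a context object is allocated and stored on success. A short `/* On success a newly allocated context is stored at R_CONTEXT. */` above each prototype would cover that.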
@@ -468,18 +468,19 @@ make_url (char **url, const char *dn, const char *filter) } -/* Prepare an LDAP query to return the attribute ATTR for the DN. All - configured default servers are queried until one responds. This - function returns an error code or 0 and a CONTEXT on success. */ +/* Prepare an LDAP query to return the cACertificate attribute for DN. + * All configured default servers are queried until one responds. + * This function returns an error code or 0 and stored a newly + * allocated contect object at CONTEXT on success. */ gpg_error_t -start_default_fetch_ldap (ctrl_t ctrl, cert_fetch_context_t *context, - const char *dn, const char *attr) +start_cacert_fetch_ldap (ctrl_t ctrl, cert_fetch_context_t *r_context, + const char *dn) { gpg_error_t err; struct ldapserver_iter iter; - *context = xtrycalloc (1, sizeof **context); - if (!*context) + *r_context = xtrycalloc (1, sizeof **r_context); + if (!*r_context) return gpg_error_from_errno (errno); /* FIXME; we might want to look at the Base SN to try matching 
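Review bot: The new header comment for `start_cacert_fetch_ldap` has two typos and names a parameter that no longer exists: "stored a newly allocated contect object at CONTEXT". It should read `stores a newly allocated context object at R_CONTEXT on success`, matching the wording this commit uses for `start_cert_fetch_ldap`. It is also worth stating in the comment that `*R_CONTEXT` is NULL on error, since the function writes through the pointer before any server is contacted and callers may otherwise test a stale value. The function body continues outside this hunk.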
@@ -493,30 +494,30 @@ start_default_fetch_ldap (ctrl_t ctrl, cert_fetch_context_t *context, err = run_ldap_wrapper (ctrl, 0, - 1, + 1, /* --multi (record format) */ opt.ldap_proxy, server->host, server->port, server->user, server->pass, - dn, "objectClass=*", attr, NULL, - &(*context)->reader); + dn, "objectClass=*", "cACertificate", NULL, + &(*r_context)->reader); if (!err) break; /* Probably found a result. */ } if (err) { - xfree (*context); - *context = NULL; + xfree (*r_context); + *r_context = NULL; } return err; } -/* Prepare an LDAP query to return certificates matching PATTERNS using - the SERVER. This function returns an error code or 0 and a CONTEXT - on success. */ +/* Prepare an LDAP query to return certificates matching PATTERNS + * using the SERVER. This function returns an error code or 0 and + * stores a newly allocated object at R_CONTEXT on success. */ gpg_error_t -start_cert_fetch_ldap (ctrl_t ctrl, cert_fetch_context_t *context, +start_cert_fetch_ldap (ctrl_t ctrl, cert_fetch_context_t *r_context, strlist_t patterns, const ldap_server_t server) { gpg_error_t err; @@ -532,7 +533,7 @@ start_cert_fetch_ldap (ctrl_t ctrl, cert_fetch_context_t *context, char portbuf[30], timeoutbuf[30]; int use_ldaps = 0; - *context = NULL; + *r_context = NULL; if (opt.ldap_proxy && !(proxy = xtrystrdup (opt.ldap_proxy))) { @@ -646,19 +647,19 @@ start_cert_fetch_ldap (ctrl_t ctrl, cert_fetch_context_t *context, } argv[argc] = NULL; - *context = xtrycalloc (1, sizeof **context); - if (!*context) + *r_context = xtrycalloc (1, sizeof **r_context); + if (!*r_context) { err = gpg_error_from_errno (errno); goto leave; } - err = ldap_wrapper (ctrl, &(*context)->reader, (const char**)argv); + err = ldap_wrapper (ctrl, &(*r_context)->reader, (const char**)argv); if (err) { - xfree (*context); - *context = NULL; + xfree (*r_context); + *r_context = NULL; } leave: 
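Review bot: In the `run_ldap_wrapper` call only the third argument gets an explanatory comment (`1, /* --multi (record format) */`), while the `0` on the line before it stays a bare literal. A reader still has to open the callee to learn which wrapper option that `0` switches off, so a matching one-line comment there would complete the change. The loop around this call starts outside the hunk, so whether `err` has a defined value when no default server is configured cannot be checked from here.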
@@ -718,8 +719,7 @@ fetch_next_cert_ldap (cert_fetch_context_t context, n = buf32_to_ulong (hdr+1); if (*hdr == 'V' && okay) { -#if 0 /* That code is not yet ready. */ - +#if 0 /* That code to extra a cert from a CMS object is not yet ready. */ if (is_cms) { /* The certificate needs to be parsed from CMS data. */ @@ -766,7 +766,7 @@ fetch_next_cert_ldap (cert_fetch_context_t context, any = 1; } else -#endif +#endif /* End unfinished code to extract from a CMS object. */ { *value = xtrymalloc (n); if (!*value)
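Review bot: The reworded `#if 0` comment contains a typo, "That code to extra a cert". It should read `#if 0 /* That code to extract a cert from a CMS object is not yet ready. */`. The disabled block runs past the end of this hunk and is closed by the `#endif` in the next one.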
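Review bot: The live branch after the `#endif` calls `xtrymalloc (n)` with a length taken directly from the record header (`n = buf32_to_ulong (hdr+1)` in the previous hunk). Everything between the two hunks sits inside the `#if 0` block, so no compiled code bounds `n` before the allocation. That length comes from the LDAP wrapper's output, which presumably reflects what the remote server returned, so a malformed or hostile record can request an allocation of up to 4 GiB. A guard before the allocation would reject it, for example `if (n > MAX_LDAP_CERT_LEN)` failing with `gpg_error (GPG_ERR_TOO_LARGE)`, where `MAX_LDAP_CERT_LEN` is a placeholder for whatever certificate size limit the project accepts. The case `n == 0` should also be decided explicitly, because an allocator may return NULL for a zero-byte request and the `if (!*value)` check would then report it as out of memory. The error path of `fetch_next_cert_ldap` lies outside this hunk, so the exact cleanup cannot be confirmed from here.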