Configuring the LDAP Server for CRL Checking
Reflection can locate a CRL in the LDAP directory only if the LDAP distinguished name (DN) exactly matches the contents of the Issuer field in the CRL. For example, if the Issuer field of the CRL displays the following objects:
The DN of the entry in the LDAP directory must be exactly: "CN = Some CA, O=Acme, C = US".
The attributes of the LDAP entry identified by this DN must include one of the following. (Reflection looks for these attributes in order from top to bottom.)