Hi, how is the SASL based authentication supposed to work if LDAP uses SASL to autheticate binds SASL uses PAM to autheticate PAM uses pam_ldap Does pam_ldap need to bind with rootdn/rootpw to the LDAP server to avoid going in a circle? Thanks for your comments Arvid -- "You might write faster code in C, but you'll write code faster in Perl"