I posted a more detailed response to general list. [do not cross post]. For the benefit of this list I'll provide a terse answer here. Operational attributes which are not explicitly requested are not returned per RFC 2251. You can request them by name or you can request all operational attributes be returned by providing the "+" in the list of names (this is an extension to LDAP). Kurt