A couple of more comments... At 11:45 PM 2002-02-14, Howard Chu wrote: >Using "u:dn:cn=foo,..." is not legal. This is a legal authzid where there userid is "dn:cn=foo,..." Using "dn:cn=foo,..." as a userid is questionable. I think here someone is confusing authentication identities with authorization identities and then making assumptions on how they may or may not relate to each other. Kurt