I am sorry ... I've just fixed my problem... I had to use "userCertificate;binary" instead of "userCertificate" ... I knew it was necessary to put ";binary" after the attibute name in LDIF, but I didn't notice it was the same in the ldap api! Believe or not, I've lost 3 days on this problem !!! Thanks anyway Giovanni