There are some good instances where StartTLS isn't attractive: when the LDAP servers are behind F5 BigIPs for example. My 2 cents. - chris This message is private and confidential. If you have received it in error, please notify the sender and remove it from your system.