Hi Jamie, thanks for the info. I'm trying to setup SSL now. I'm following the SSL howto posted on the wiki. It seems like it's not totally accurate, I get a failure when importing the ldif's mentioned in the document. Seems like I cannot add the attributes nsslapd-security and nsslapd-ssl-check-hostname I think SSL is setup now but I cannot seem to get it working with ldapsearch -zz, I keep getting ldap_start_tls: Connect error (-11) additional info: Start TLS request accepted.Server willing to negotiate SSL. I guess I need to point my ldap.conf to the ca certificate for trust, which file is holding the ca certificate? I can however login on port 636 as Directory Manager when using ldapbrowser ( http://www.mcs.anl.gov/~gawor/ldap/ <http://www.mcs.anl.gov/%7Egawor/ldap/>) Another question I have wrt password history, it seems like the history entries are all using crypt. I thought they would be using the same encryption as setup for the userpassword (e.g. md5) or is there a particular reason for using crypt? Thanks again, Jo -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.fedoraproject.org/pipermail/389-users/attachments/20060109/70b2aa19/attachment.html