Hello, in the wiki it's written to use http://ldapserver:636 to get the certificates, it should be https://ldapserver:636 I managed to get the certificate on an old Solaris box using netscape. Wrt the locking of the proxy DN used by the Solaris client, I already had added an entry for the passwordexpirationtime. I have the impression that it's not expiration that's the problem but it's locking, due to failed logins. So I'm not sure that setting the passwordexpiration attribute of the proxyDN to 20380119031407Z will solve the problem. But of course I will try. Do I actually need a proxyDN or can I setup a solaris LDAP client without it? Best Regards, Jo -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.fedoraproject.org/pipermail/389-users/attachments/20060517/10f9ff64/attachment.html