On 9/7/06, Richard Megginson <rmeggins at redhat.com> wrote:
> I checked RFC 4513 - http://www.ietf.org/rfc/rfc4513.txt - it doesn't
> say anything about the correct result code to return in this case, other
> than it is an error if anything other than success or bindinprogress is
> returned. You might want to ask on ldap at umich.edu or on
> IRC.freenode.net #ldap if there is a standard that covers this case.

Thanks for the suggestion. I'll ask.

I skimmed RFC 4513 (sans coffee) and didn't find the section you're referring to. I did see that RFC 4422 (last paragraph of section 3.6) seems to suggest that OS X's and OpenLDAP's behavior is legitimate and useful.

Even if the standards permit either behavior (and even if it's slightly more secure to not reveal additional information, as David Boreham pointed out), wouldn't it be worth having FDS compatible with OpenLDAP and OS X?

Josh Kelley