Hi, I'm trying to authenticate users against an LDAP database ... now, I already have that running on several servers that use the "normal" tree setup, something like "cn=username,ou=somebranch,ou=domain,ou=tld", with a search_base of ou=domain,ou=tld. The place I'm trying to configure it for now is using a - AFAICT - rather unusal schema, as they have a tree that uses multiple top level o=, and start underneath there, so there may by user entries like cn=user1,ou=USERS,o=branch1 and cn=user2,ou=USERS,o=branch2 (historically, ldap trees from several locations were just merged together, which led to this) How can I get SASL to search in such a configuration? I already tried a "ou=USERS,o=*" syntax, which I didn't expect to work (and it didn't) Also, I know that saslauthd or other apps will need to check the resulting username/pw, so I tried binding with the DN and PW of an account, resulting in a "Confidentiality required" ... using ldaps:// notation didn't work, as the remote server (Novell eDirectory) probably isn't configured for that, and -Z for TLS also fails with ldap_start_tls: Server is unavailable (52) additional info: TLS services are not available >From what I can find, the message should come up if the server is configured for requiring secure queries, but then I would expect it to also be configured to SUPPORT either one of the methods ... Help appreciated, -garry ---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html