I've begun looking into using pam_ldap to authenticate Linux users against a W2K server using AD. By toying with the ldap.conf file and looking through the pam_ldap code, I've discovered that in order for the initial bind to work, either the W2K server has to accept anonymous binds, or the binddn and bindpw args in ldap.conf must have user and password values that exist on the W2K server.

My questions are: if my app has the user name and password of the user I'm authenticating prior to the initial bind, isn't there a way to make pam_ldap use these values? If not, is there a reason why I shouldn't want it to do this?

Thanks,
Darren