I'm taking a look at the LDAP module. It's rather more complicated than I like. I'm thinking of moving it to use the new connection pools. I have a first draft which uses the connection pool to open the sockets. But... the behavior of the module is hard to understand. I'll start off with my thoughts: 1) connection pool is working. They don't *do* anything, but they connect 2) authentication. The "bind as user" code is simple. But what's with the "perform_search" and "filter" stuff? Why not use have a statically configured user DN? I'd like to avoid some of the complexity of the current code. So is the user DN really some arbitrarily changing value? Do you really have to search over the entire DB for "uid=username" in order to find the user? Alan DeKok.