I am using rlm_ldap (2.0.0-pre2) to check an account for being valid in AD. This works. As I am only interested in one attribute from AD, it would be sufficient, if rlm_ldap would only use "filter" to dive into AD once. How could I prevent rlm_ldap from "Entering ldap_groupcmp()" ? Setting groupname_attribute = NULL groupmembership_filter = NULL only results in an error message "Bad search filter" ..... rlm_ldap: looking for check items in directory...^M rlm_ldap: LDAP attribute primaryGroupID as RADIUS attribute Group-Name == "515"^M rlm_ldap: looking for reply items in directory...^Mrlm_ldap: user host/28tef004.ww006.mycomany.net authorized to use remote access^M rlm_ldap: ldap_release_conn: Release Id: 0^M ++[ldap] returns ok^M How to prevent entering this function?? rlm_ldap: Entering ldap_groupcmp()^M expand: DC=MYCOMPANY,dc=NET -> DC=MYCOMPANY,dc=NET^M expand: NULL -> NULL^M ..... Norbert Wegener