Alex Gregory wrote: > I apologize… should have tried it first. Not allowed there. Looks like its done in the authorize section. Yes. Because that's where the LDAP module is being called. The point is to check the return code of the LDAP module. Not add "ldap" in another section, and then check that return code. Alan DeKok.