I suggest that LDAPURL mentions that: (1) Before URL escaping is applied, the extensions may contain null bytes. No other component may. (2) The LDAPURL cannot contain null bytes [or 'null characters']. That can be deduced from various RFCs/drafts (well, I assume there is some RFC which says this about the hostport component), but it would be nice to have it all in one place. -- Hallvard