You may wish to look at the draft Open Group profiles for LDAP located at http://www.critical-angle.com/test/profile which address most of these issues: protocol versions, SSL/TLS versions, ciphersuites, operational attributes, subschema subentries, attribute syntaxes... Mark Wahl, Directory Product Architect Innosoft International Inc. / Critical Angle Inc.