I've missed something: What can the LDAP server *do* with the usernames we bind as? It's simple enough if the username is a DN, of course. But if I bind as "hbf", may the server translate that to a DN - e.g. with a local subtree search for (&(uid=hbf)(objectclass=person))? May it bind as user user "hbf" which does not correspond to a DN, in a private user file? -- Hallvard