Like it or not, userPassword is what it is. Its syntax, encoding, matching rules, etc. are well defined by RFC2256 and, I presume, X.500 specifications. As such, I believe that a proposal for a replacement attribute type would be more appropriate. Kurt ---- Kurt D. Zeilenga <kurt@boolean.net> Net Boolean Incorporated <http://www.boolean.net/>