Hi everybody,

I have been fighting with FC3 for a while now, trying to get authentication to work via LDAP. The configuration that worked under FC1 (using TLS) did not work under FC3, apparently because FC1 would do TLS without verifying the server certificate, whereas FC3 had this security hole closed.

So I got to a point where my certificates were fine and FC3 would do LDAP via TLS for everything (finger, getent, ldapsearch, etc.), except for the logon password authentication.

Finally, I found the solution by accident, and it has to do with using the "host" vs "URI" directive:

The only way I can log in to the system is with /etc/ldap.conf using "host":

    base dc=mydomain,dc=com
    host ldap1.hq.mydomain.com:636
    pam_password md5
    ssl yes
    TLS_CACERT /etc/mydomain/ppkeys/public_keys/self-ca.mydomain.com.crt.pem

"ldapsearch -x", however, only works with the "URI" directive in /etc/openldap/ldap.conf:

    base dc=mydomain,dc=com
    URI ldaps://ldap1.hq.mydomain.com
    pam_password md5
    ssl yes
    TLS_CACERT /etc/mydomain/ppkeys/public_keys/self-ca.mydomain.com.crt.pem

Does anybody know what is going on with this? Is this just a bug in OpenLDAP? What is really the difference between these two ways?

I saw a post somewhere saying that the OpenLDAP version shipped with FC3 is rather buggy and unstable. Unfortunately, there is no update available. I tried installing the FC4 OpenLDAP RPMs, but had too many problems with missing libcrypto and other libraries, and I don't want to mess up the rest of the system by trying to patch in FC4 RPMs...

BTW, in case this gives any more clues: the only way I got phpLDAPAdmin (0.9.6c) to work is this:

    $servers[$i]['name'] = 'ldap1.hq';
    $servers[$i]['host'] = 'ldaps://ldap1.hq.mydomain.com';
    $servers[$i]['base'] = 'dc=mydomain,dc=com';
    $servers[$i]['port'] = 636;
    $servers[$i]['auth_type'] = 'session';
    $servers[$i]['login_dn'] = 'cn=Administrator,dc=mydomain,dc=com';
    $servers[$i]['login_pass'] = 'secret';
    $servers[$i]['tls'] = false;
    $servers[$i]['low_bandwidth'] = false;
    $servers[$i]['default_hash'] = 'ssha';
    $servers[$i]['login_attr'] = 'dn';
    $servers[$i]['login_string'] = 'uid=<username>,ou=People,dc=example,dc=com';
    $servers[$i]['login_class'] = '';
    $servers[$i]['read_only'] = false;
    $servers[$i]['show_create'] = true;
    $servers[$i]['disable_anon_bind'] = false;
    $servers[$i]['custom_pages_prefix'] = 'custom_';
    $servers[$i]['unique_attrs_dn'] = '';
    $servers[$i]['unique_attrs_dn_pass'] = '';

Thanks,
MARK
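
Added example, not part of the original post: a small Python check that reads an ldap.conf-style file and reports, per configured server, whether TLS is in effect and whether a CA certificate directive is present, run over the two files quoted above plus one constructed weak file. The function names, the accepted `ssl` spellings other than "yes", and treating `TLS_CACERTFILE`/`TLS_CACERTDIR` as CA directives alongside the post's `TLS_CACERT` are assumptions of this example.

```python
from urllib.parse import urlsplit

SSL_ON = {"yes", "on", "true"}   # assumed spellings; the post uses "yes"
CA_KEYS = {"tls_cacert", "tls_cacertfile", "tls_cacertdir"}  # assumption, see lead-in

def parse_conf(text):
    """Map each directive (lower-cased) to its value; skip blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            conf[parts[0].lower()] = parts[1] if len(parts) > 1 else ""
    return conf

def audit(text):
    """Return (endpoints, findings); an endpoint is (host, port, tls_enabled)."""
    conf = parse_conf(text)
    ssl_on = conf.get("ssl", "").lower() in SSL_ON
    endpoints, findings = [], []
    for uri in conf.get("uri", "").split():
        u = urlsplit(uri)
        endpoints.append((u.hostname, u.port, u.scheme.lower() == "ldaps"))
    for entry in conf.get("host", "").split():
        name, _, port = entry.partition(":")
        endpoints.append((name, int(port) if port else None, ssl_on))
    for name, _, tls in endpoints:
        if not tls:
            findings.append(f"{name}: no TLS (no ldaps:// URI and ssl not enabled)")
    if any(tls for _, _, tls in endpoints) and not CA_KEYS & set(conf):
        findings.append("TLS configured but no CA certificate directive in this file")
    return endpoints, findings

CA_LINE = "TLS_CACERT /etc/mydomain/ppkeys/public_keys/self-ca.mydomain.com.crt.pem\n"
# /etc/ldap.conf as quoted in the post
PAM_CONF = ("base dc=mydomain,dc=com\nhost ldap1.hq.mydomain.com:636\n"
            "pam_password md5\nssl yes\n" + CA_LINE)
# /etc/openldap/ldap.conf as quoted in the post
OPENLDAP_CONF = ("base dc=mydomain,dc=com\nURI ldaps://ldap1.hq.mydomain.com\n"
                 "pam_password md5\nssl yes\n" + CA_LINE)
# Constructed weak file: TLS requested, but nothing to verify the server against
WEAK_CONF = "base dc=mydomain,dc=com\nhost ldap1.hq.mydomain.com:636\nssl yes\n"

if __name__ == "__main__":
    for label, text in (("pam", PAM_CONF), ("openldap", OPENLDAP_CONF), ("weak", WEAK_CONF)):
        print(label, *audit(text))
```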