> It works on 3.x and fails on 2.x against the same AD server with the new cert. Which would be explained by the fact that the 2.x LDAP service account got moved into OU=ToBeDeleted around the same time the new cert got installed. I went down the cert rat hole, so sorry to drag you along... -- Dave