> That was my next step. > I see how to do it for attribute resolver but I can't see how for binding > (without messing with authn/ldap-authn-config.xml.) That file is not a system configuration file, I would assume that any non-trivial deployer would need to edit it. -- Scott