On Sat, 1 Nov 2008, Filipe Brandenburger wrote: > If you are using "ssl start_tsl" you have to use ldap:// and not > ldaps:// in your referrals, otherwise LDAP client will try to open a > TLS session inside the connection which is already a SSL session. If > you change that in your configuration file, it should work fine. Thank you very much Filipe; you are a star. Of course it works now. I have been doing this long enough that I should have seen that; sometimes the cause is so obvious that you look right past it at other details. Having made such a noob mistake, I'm surprised that more things didn't work. Steve