>This looks like the way to go, I don't like the username /pass stored in plain text but maybe if I create a special group that doesn't really have any privileges this would work, geez AD is just plain bad...lol, Thanks. I guess you think insecure would be better? If I understand your need, you want to make AD insecure, so please enable anonymous binds so you don't need a user/pass to make the query:) Or program your own auth backend that binds with the intended creds asking for auth:) Oh, and do this w/o tls/ssl because you want it insecure:)