Howard Chu wrote: Well, I don't think there's reason to get rude. Please understand that english is not my first language, and I apologize if I did not meet your expectations. And I did not ask about LDAP in common, I asked about the slapd implementation. So reading LDAP basics would not answer the question. As it was pointed out before, the details of this {SASL} authentication scheme are _not_ documented in the slapd manual or any LDAP basics, but somewhere hidden in the FAQs or even partly undocumented. That's what I wanted to know. Obviously, as you yourself point out, that's an implementation detail. Does ldappasswd change all entries or just the one matching the given password? regards Hadmut