So it looks like changing libldap to use the tm_api timeout might have been a bad idea. All the existing apps assume that passing a NULL timeout gives an unlimited timeout. Now this is only true if there is no default timeout set in ldap.conf/ldaprc. If there is such a setting, then an app can't actually get an unlimited timeout unless it explicitly calls ldap_set_option() to override any value read from a config file. Any thoughts? Without that change, the tm_api value is a no-op and totally useless. Perhaps it's an option that should not be valid in any config file, and only valid from an app? -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/