I checked through the archives and couldn't find a real mention of this. When a failed connection happens over SSL (OpenSSL) the most information I can get back is what ldap_err2string returns. The problem is I don't know if it's a true connection failure or a SSL session error or even a certificate error. Is there a way to get more useful information out of a failed SSL connection. I do know about LDAP_OPT_X_TLS_SSL_CTX but can't figure out if that points to an error message somewhere. -- Many thanks Eric