Hi, The heimdal system have ldap backend for ticket/credential storage . The problem is kdc and ldap speak only through a socket... this mean iplanet and kerberos must stay on the same machine. I use it , i have centralize user account / samba account in the same ldap tree, all that works very well I think a bind version is in progress ... bye manfred