Hi Predrag I just realized that from server itself i can do search without providing BindDN and password. But Cant do this from client.... example bellow from Server itself [root@puppet-1 slapd-puppet-1]# ldapsearch -xZZZ # extended LDIF # # LDAPv3 # base <dc=fosiul,dc=lan> (default) with scope subtree # filter: (objectclass=*) # requesting: ALL # # fosiul.lan dn: dc=fosiul,dc=lan dc: fosiul objectClass: domain objectClass: top # groups, fosiul.lan dn: ou=groups,dc=fosiul,dc=lan ou: groups objectClass: organizationalUnit objectClass: top # search result search: 3 result: 0 Success # numResponses: 3 # numEntries: 2 [root@puppet-1 slapd-puppet-1]# So, looks like there is a restriction from Client anonymous search .. Any idea where to look at ??