I just wondered if there is anything planned along similar lines for Samba4? It would be massive to be able to synchronise users but the problem with password hashes and different algorithms is a real headache. I have only just started with 389 Directory server and wow after OpenLdap its really impressive and such a doddle to use and administer. They have this winsync plugin that opens up an ssl tunnel between the two servers you have to the plugin running on 389 and a dll is loaded into AD. Its simple and massive when it comes to interoperability so much so I might go back and route out my M$ disks. Please have this planned somewhere as every other solution is massively complex and just a secure tunnel swapping plain text passwords is just a simple brilliant idea. Can anyone give me any pointers if this exists or please put it forward into the roadmap. Even if it is jusy with 389-DS but OPenLdap would benefit from the exact same methods so that they are interchangeable. Stuart??