Well thats untrue. The certificate can be used for user mapping, authorization, etc. This is VERY common in the HTTP world. In a servlet you can get the certificate, DN, etc from the request object.not the case in LDAP, AFAIKOK well if it wasn't the case I wouldn't have folks asking for it :-)never heard of such requirement before, curious about the usecase thoughDon't have 100% of the use case either. Someone's looking for MyVD to give them the client certificate in an insert (our equivalent of an interceptor) so they can do authorizations. For service accounts its very elegant if you think about it as it eliminates the need for passwords (assuming thats what its for).