DEFINE CLASS ValidateUser AS Session OLEPUBLIC FUNCTION ValidateUser(tcUser AS String,; tcPassword AS String) OLEPUBLIC LOCAL lcresult AS String,; loName AS NameTranslate,; lcAccount AS String, loLDAP AS LDAP,; loLDAP2 AS LDAP,; oErr AS Exception, a_memberof,; lcUser AS String, lcCRLF As String lcresult = "" lcCRLF = CHR(13) + CHR(10) DIMENSION a_memberof[1] * Change domain to the current domain lcUser = tcUser + '@domain.com' loName = CREATEOBJECT('NameTranslate') loName.InitEx(3, "", lcUser, "", tcPassword) loName.Set(9, lcUser) lcAccount = loName.Get(1) IF NOT EMPTY(lcAccount) THEN loLDAP = GETOBJECT("LDAP:") TRY loLDAP2 = loLDAP.OpenDSObject("LDAP://" +; lcAccount, lcAccount, tcPassword, 2) CATCH TO oErr lcresult = oErr.Message FINALLY IF EMPTY(lcresult) THEN a_memberof = loLDAP2.GetEx("MemberOF") * The array here will contain * all the groups * there are two valid parts to the IF.. IF ALEN(a_memberof, 1) > 0 AND; NOT EMPTY(a_memberof[1]) THEN lcresult = "Yes" ELSE lcresult = "No" ENDIF ENDIF STORE NULL TO loName, loLDAP, loLDAP2 ENDTRY ENDIF RETURN lcresult ENDFUNC ENDDEFINEI've broken up the formatting for readability. Drat! the parser's screwing up