Michael Ströder <michael@stroeder.com> wrote: > So why not point these ill-designed apps to a different DSA implemented > by back-ldap with such an ACL? Yes, that would work. It moves the setup to clients, with might be a bit more complicated to handle than the server for system administrators: there can be many clients, some of them you don't manage yourself. -- Emmanuel Dreyfus http://hcpnet.free.fr/pubz manu@netbsd.org