Can someone tell me what I'm doing wrong here.. defaultaccess none access to dn="ou=ABC, o=ORG" by self write G by * read access to attr=userpassword by self write by * none I want anonymous users only to have read access to the ou=ABC, o=ORG subtree and nothing else, like ou=DEF o=ORG, or ou=GHI, o=ORG. Ovanes