A version which supports uid values longer than one character... access to dn="(uid=[:alnum:]+),dc=OpenLDAP,dc=Org" by dn="$1(\@OPENLDAP\.ORG|\+realm=OPENLDAP\.ORG)" write by dn="uid=[:alnum:]+(\@OPENLDAP\.ORG|\+realm=OPENLDAP\.ORG)" read access to * by dn="uid=[:alnum:]+(\@OPENLDAP\.ORG|\+realm=OPENLDAP\.ORG)" read Kurt