Hi, In my file ldap.conf, if i use this : defaultaccess none access to * by * read I can use su but if i use this : defaultaccess none access to attr=* by * read access to dn=* by * read "su toto" reply me "Unknown id: toto" Is there another thing except "dn" or "attr" ? What is the minimal access ? Thanks. -- Gabriel