Hi, > access to * > by self write > by anonymous auth > by * read > by dn="cn=Directory Manager" write > I think you also was to have your directory manager dn before the * read...when you are trying to bind, openldap will see the * read, and only give access rights as that, to anybody not anonymous or auth Andy