How to I put an ACI on an object so that - one can bind as that object (with its userPassword), - the user bound as that object as well as one other user (call it cn=web,ou=services,dc=uio,dc=no) can read the object, - nobody else can detect the object ? -- Hallvard