Is there a recommended way to allow a DN other than 'cn=config' write access to cn=config and children? I saw brief reference to SASL in a post by Howard. Is this something that could be accomplished with slapd-relay and/or slapo-rwm? Is it an access control issue or something more fundamental to the config backend code? -- Eric Irrgang - UT Austin ITS Unix Systems - (512)475-9342