Peter Mogensen wrote: > Is it in anyway possible to set up cn=config, so only root on the host > can make changes? You probably want a peername ACL. http://www.openldap.org/doc/admin24/access-control.html#Controlling%20rootdn%20access Carl