Hi, Looking for docs for the monitor datbase backend, i found this: http://www.openldap.org/devel/admin/monitoringslapd.html Like most other database backends, the monitor backend does honor slapd(8) access and other administrative controls. As some monitor information may be sensitive, it is generally recommend access to cn=monitor be restricted to directory administrators and their monitoring agents. Adding an access directive immediately below the database monitor directive is a clear and effective approach for controlling access. For instance, the addition of the following access directive immediately below the database monitor directive restricts access to monitoring information to the specified directory manager. access to * by dn.exact="cn=Manager,dc=example,dc=com by * none I have misunderstood acl and database config before, but I assume that the ACL here is in error, and something like this from slapd-monitor(5) is appropriate: access to dn.subtree="cn=Monitor" by dn.exact="uid=Admin,dc=my,dc=org" write by users read by * none Assuming I'm correct please update the web docs & let me know. thanks! danno -- Dan Pritts, Sr. Systems Engineer Internet2 office: +1-734-352-4953 | mobile: +1-734-834-7224