masarati(a)aero.polimi.it wrote: OK. The basic framework is in place now, Add and Emit appear to work. I haven't done Delete yet. If you have any suggestions for sanity-checking the current code, that would be helpful. Much of it is copy/pasted from slapd-ldap and slapo-rwm. I see a few puzzling inconsistencies, like the existence of acl-passwd and acl-authcDN keywords that don't actually have any functional code behind them. I would guess they should have been replaced with acl-bind but there's no implementation of that anywhere either. Also wondering if the idassert-passthru from back-ldap ought to be added here. The manpage is quite out of date, it still says to look at slapd-ldap(5) for the mapping/rewrite docs, but that text was dropped and moved to slapo-rwm(5). -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/