ACL Question

Hi, I have the following in my slapd.conf: access to dn.subtree="cn=log" by group/groupOfNames/Member="cn=ldap-admins,ou=Group,dc=soe,dc=ucsc,dc=edu" read However, anyone (even unbound anonymous users) can access cn=log without any problems. I don't want anyone but ldap-admins to be able to access this subtree. I'm thinking that I must be missing something really simple here. Am I doing something wrong? Any help is greatly appreciated. Tim Gustafson BSOE Webmaster UC Santa Cruz tjg(a)soe.ucsc.edu 831-459-5354