On Fri, Mar 6, 2009 at 4:10 PM, Quanah Gibson-Mount<quanah(a)zimbra.com> wrote: > If you set the cn value on every group they are supposed to be able to write > to, then they'll be able to write to any of those groups. I.e., "this/cn" > is the group entry in question. I'm assuming you want them to be able to > write to any group they have control of. If you don't, then simply remove > the cn=uid value from the group. Perhaps I didn't articulate my point well enough. I want them to be able to *create* these entries on their own, they won't be pre-created. So, I want them to be able to create entries under ou=group but only if they are of the form uid:.+