Hi, I have these ACLs in place: olcAccess: {0}to dn.base="dc=teckids,dc=org" by group.exact="cn=ldapadmin,ou=Groups,dc=teckids,dc=org" manage by dn="cn=admin,dc=teckids,dc=org" manage by self read continue by * auth break olcAccess: {1}to dn.base="ou=Mailinglists,dc=teckids,dc=org" by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read continue by * break olcAccess: {2}to attrs=userPassword,shadowLastChange,loginShell by self write continue by anonymous auth continue by * break olcAccess: {3}to dn.subtree="ou=People,dc=teckids,dc=org" attrs=cn,uid,loginShell,homeDirectory,uidNumber,gidNumber,gecos by dn="cn=nslcd,dc=teckids,dc=org" read continue by * break olcAccess: {4}to dn.subtree="ou=People,dc=teckids,dc=org" attrs=uid,mailLocalAddress,mailRoutingAddress by dn="cn=postfix,dc=teckids,dc=org" read continue by * break olcAccess: {5}to dn.subtree="ou=Members,ou=People,dc=teckids,dc=org" attrs=employeeNumber by dn.subtree="ou=Board,ou=Members,ou=People,dc=teckids,dc=org" read continue by * none stop olcAccess: {6}to dn.subtree="ou=Members,ou=People,dc=teckids,dc=org" by dn.subtree="ou=Members,ou=People,dc=teckids,dc=org" read continue by * break olcAccess: {7}to dn.subtree="ou=Groups,dc=teckids,dc=org" by dn="cn=nslcd,dc=teckids,dc=org" read continue by * break olcAccess: {8}to dn.subtree="ou=Domains,dc=teckids,dc=org" by dn="cn=postfix,dc=teckids,dc=org" read continue by * break olcAccess: {9}to attrs=cn,uid,userPassword by * auth break But still, even a simple bind fails because it somehow does not get the auth privileges defined in the first stanza. The ACL log says: http://paste.ubuntu.com/7544324/ What did I miss? Cheers, Nik