Hi. I have ldap tree which i'm trying to migrate from 389-ds to openldap, with structure like this: o=company ou=admins uid=admin1 ... dc=domain ou=users uid=user1 service=service1 ... uid=user2 service=service2 At uid=user1,ou=users,dc=domain,o=company there is admin entry (and no admin entry in childrens) which points to uid=admin1,ou=admins,o=company. Now i want to grant access to all entries below uid=user1,ou=users,dc=domain,o=company to uid=admin1. In 389-ds it was easy, but in openldap it seems not easy to do. I tried to use: olcAccess: to dn.subtree="uid=*,ou=users,dc=domain,o=company" by dnattr="admin" but it grant access only uid=user1,ou=users,dc=domain,o=company and for no childrens access is granted. Maybe i'm doing something wrong or should i use other functionality to solve this problem? Any help will be appreciate. -- Pozdrawiam/Best regards Tomasz Leśniewski