Stelios A. wrote: > > Hello, > > I have a group called IT and another one called LDAP Admins. There are > 5 users under IT and 2 under LDAP Admins. > I'm looking for an acl where members of IT (groupOfUniqueNames) can > modify/write anywhere under ou=Users.... apart from those users under > the LDAP Admins group. > Can anyone give me a help about this please. > > I've found only how to give access to IT group but not how to exclude > LDAP Admins (2 in total) where those 2 exist also under IT group. > > Any ideas? Your DIT sounds a bit messy. Do you have groups under ou=Users? What is your design? BTW, man slapd.access -- Kind Regards, Gavin Henry. OpenLDAP Engineering Team. E ghenry(a)OpenLDAP.org Community developed LDAP software. http://www.openldap.org/project/