What access privileges over a particular suffix are granted to somebody with the "manage" level that somebody with the "write" level does not get? As background, using 2.4.26: This document specifies that somebody with the level "manage" gets everything else: http://www.openldap.org/doc/admin24/access-control.html#The%20access%20to... On the other hand, slapd.access(5) specifies that "manage grants all access including administrative access. The write access is actually the combination of add and delete, which respectively restrict the write privilege to add or delete the specified <what>." (I am very puzzled. It strikes me that once I can write (add/delete) any entry in a subtree I effectively manage it.)