Hallo all, is it possible to write an ACL (with sets) which extracts the peername.ip from within an existing entry of ipHost an then compares the connecting peername.ip? My idea is to only allow access to this entry by connecting peername.ip 192.168.1.1: dn: cn=myhost.wdf.sap.corp,ou=HOSTS objectClass: ipHost objectClass: device cn: myhost.wdf.sap.corp ipHostNumber: 192.168.1.1 Background: I want to use ovleray nssov and therefore I need all host information at each host locally in ldap. 'cause we have several thousands of hosts I dont want to replicate all ipHosts to each local database. Thanks for any advice/hint. Regards Uwe