Hello to all, I need your help with OpenLDAP ACL. Here is my DIT : dc=example,dc=com ou=Users uid=user1 uid=user2 ou=Groups cn=... cn=... I use that to do Unix Auth with pam. It works fine. Now, i need to modify my tree like that : dc=example,dc=com ou=Users uid=user1 uid=user2 ou=Foo uid=user3 uid=user4 ou=Groups cn=... cn=... So, I've added the OU "foo" to "Ou=Users". In my network, all PCs are configured with pam_ldap reading "dc=example,dc=com". So, when i do : $ getent passwd I have : user1 user2 user3 user4 What I want : * if i'm "Ou=Users" member, for example "user1", with pam_ldap suffix : "dc=example,dc=com" : $ getent passwd user1 user2 * if i'm "Ou=Foo" member, for example "user_b", with pam_ldap suffix : "dc=example,dc=com" : $ getent passwd user3 user4 Is it possible to do so without modifying the DIT structure ? (only with ACL ?) Thanks a lot for your help. -- Alexis GÜNST HORN System administrator Exascale Computing Research