Thanks, Adam I was afraid of that, but see what made me think otherwise. At http://www.openldap.org/doc/admin24/slapdconf2.html: "the slapd(8) runtime configuration in 2.3 (and later) is fully LDAP-enabled and can be managed using the standard LDAP operations with data in LDIF." - I have slapd 2.4.9 "but must be converted to the new *slapd-config*(5) format to allow runtime changes to be saved". - I did that, but I really don't have the slapd-config man page in */etc/default/slapd* there were already a coment about the the cn=config backend # Default location of the slapd.conf file. If empty, use the compiled-in # default (/etc/ldap/slapd.conf). If using the cn=config backend to store # configuration in LDIF, set this variable to the directory containing the # cn=config data. SLAPD_CONF= And, after all, I've already deleted slapd.conf and authentication is being made with slapd.d/ Please forgive me for insisting. Thanks Are you sure it can't be a matter of ACL, admin authentication, or something else? I'll upgrade to lucid, but it may take a couple of months.