Hi, I have installed fedora-ds 1.0.4 to Fedora 6 server. I am trying to install mail ldap cluster. I have added a domain like dc=my,dc=domain,dc=com and added a virtual domain like ou=virtdomain.com,dc=my,dc=domain,dc=com after adding a user like: uid=user,ou=virtdomain.com,dc=my,dc=domain,dc=com and changing its password gives me that error: aci: (targetattr = "userPassword") ( version 3.0; acl "disallow_pw_change_aci"; deny (write ) userdn = "ldap:///self";;) I have read http://www.redhat.com/docs/manuals/dir-server/ag/7.1/acl.html and added an aci like: aci: (targetattr="userPassword || homePhone || homePostalAddress") (version 3.0; acl "Write my.domain.com"; allow (write) userdn= "ldap:///self";;) for ou=virtdomain.com,dc=my,dc=domain,dc=com But I still get aci: (targetattr = "userPassword") ( version 3.0; acl "disallow_pw_change_aci"; deny (write ) userdn = "ldap:///self";;) error. How can I disable disallow_pw_change aci since I couldn't find this aci anywhere using directory admin gui. By the way I think this comes from userRoot database. But I can't find a place to disable disallow_pw_change Best Regards, ____________________________________________________________________________________ Get the free Yahoo! toolbar and rest assured with the added security of spyware protection. http://new.toolbar.yahoo.com/toolbar/features/norton/index.php