I have this syntactically correct ACI: (targetattr = "*") (targetfilter="(ou=mailrouting-listserver)") (version 3.0;acl "Listserver Administrator";allow (all) (userdn = "ldap:///uid=listserve,ou=resource accounts,ou=people,dc=itasoftware,dc=com");) It's set on the ou=mailrouting-listserver,ou=resource accounts,etc,etc branch. I can authenticate successfully using the uid=listserve account, but I cannot in fact write or change entries in the ou=mailrouting-listserver branch using the account. What have I missed? -- Anne "juniper" Cross Extropic Crusader, Email Plumber Information Technology, ITA Software -- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
