>The patch is already included since the following STABLE versions: > >2.7 STABLE1 >3.0 STABLE2 Guido, Thanks, I should have read all the comments in the post:) Do you know if it's possible to facilitate the following scenario where access is auth'ed by Kerberos, and an ldap external_acl_type checks group membership without a specific bind account, but uses the Kerberos auth'ed user as the bind account? Thanks, jlc