Hi, I am trying to create one ACI in my directory server in order to resolve the folowing problem: I have one node "ou=People,o=root" where I am going to create groups (not real groups, organizational units) of persons. So, under this node I will have entries like: ou=Group 1,ou=People,o=root And, under these objects, I will create the user objects and all the objects that belong to these users. For example, uid=jortiz,ou=Group 1,ou=People,o=root cn=data1,uid=jortiz,ou=Group 1,ou=People,o=root cn=data2,uid=jortiz,ou=Group 1,ou=People,o=root Now, with this structure, what I want to get is that all the users have rigths for all operations in their own node and all the nodes under this node. For example, the user 'jortiz' should have access to 'uid=jortiz,ou=Group 1,ou=People,o=root' and 'cn=data2,uid=jortiz,ou=Group 1,ou=People,o=root'. I know one way to solve this problem and it is to create an ACI in every user object and said in it: let to 'self', write in this object. The problem is that I have to mantain one ACI for each user in the directory. What I am looking for is for method to create this ACI in the node 'Group' or 'People'. Is it possible? And, if it is possible, do you know how to implement it? Thank you in advance Jorge Ortiz Claver
