Thank you Rob ^^ it works ! <div class="gmail_quote">2010/7/12 Rob Crittenden <<a href="mailto:rcritten@redhat.com">rcritten@redhat.com</a>> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"> <div class="im">ALAHYANE Rachid wrote: <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> Hi, I want to add an ACI to the ldap server with the aci-add and i do not how can I do it ? The aci to add is the following : (targetattr = "friends,blockedfriends,givenName || sn || cn || displayName || title || initials || loginShell || gecos || homePhone || mobile || pager || facsimileTelephoneNumber || telephoneNumber || street || roomNumber || l || st || postalCode || manager || secretary || description || carLicense || labeledURI || inetUserHTTPURL || seeAlso || employeeType || businessCategory || ou")(version 3.0;acl "My Self service";allow (write) userdn = "ldap:///self";) </blockquote> </div> The aci plugin can't handle self bind rules yet (I created ticket #80 to track this). You can still add this with ldapmodify though. First you need to replace the comma's in your targetattr with ||, then you should be able to add it with something like: ldapmodify -x -D 'cn=directory manager' -W dn: dc=example,dc=com changetype: modify add: aci aci: <your_aci> ^D<div class="im"> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> Note that I added some new target attributes (also added on the ldap schema). The last time, I tried to modify an ACI, the aci entry was deleted. It is for this reason that i try to add a new one. </blockquote> </div> What the aci plugin does in the modify case is delete the old aci and add a new one. The problem with the plugin wasn't shown until after the deletion, hence any aci you tried to modify you basically just deleted. rob </blockquote></div> -- Meilleures salutations / Best Regards Rachid ALAHYANE