<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 12 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
span.EmailStyle17
        {mso-style-type:personal-compose;
        font-family:"Calibri","sans-serif";
        color:windowtext;}
.MsoChpDefault
        {mso-style-type:export-only;}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal>We have been able to run ldapsearchs that revealed what we consider private info on certain fields such as sambalmpassword, sambantpassword for example. Even though they are crypted we would like to restrict certain fields to directory managers and not anonymous searches. I believe this is what the aci’s are for, but I am fuzzy on how this works. If someone could verify I would appreciate it and lead me in the right direction. We are trying to keep regular users from seeing these fields.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>thanks<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black'>David Hoskinson | </span><b><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:blue'>DATATRAK</span></b><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:blue'> International</span><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black'><br>Systems Engineer<br>Mayfield Heights, Ohio, USA <br>+1.440.443.0082 x 124 (p</span><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>) | +1.216<span style='color:black'>.280.5457 (m)<br><a href="mailto:david.hoskinson@datatrak.net" title="blocked::mailto:anna.lyatkher@datatrak.net"><span style='color:blue'>david.hoskinson@datatrak.net</span></a> | <a href="http://www.datatrak.net/" title="blocked::http://www.datatrak.net/ http://www.datatrak.net/"><span style='color:blue'>www.datatrak.net</span></a></span></span><o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p></div></body></html>