Thanks for your help !! ... With the information you gave me I could authenticate / add and delete users. Below is the complete list of LDAP ACLs I have currently active. ************************************************** defaultaccess read access to dn="ou=People,dc=mysite,dc=com" by dn="uid=zeo,ou=People,dc=mysite,dc=com" write by * read access to dn="ou=zope-grps,dc=mysite,dc=com" by dn="uid=zeo,ou=People,dc=mysite,dc=com" write by * read access to filter="objectclass=cdObject" by dn="uid=zeo,ou=People,dc=mysite,dc=com" write by * read access to attr=userpassword by self write by * read access to * by * read ********************************************************* I also provided the Manager Dn in the LDAP user folder as... cn=Manager,dc=mysite,dc=com Now with all these settings i can successfully add / modify / delete / authenticate the relevant users. But what I need to know is .....do we need the Manager DN/passwd within the LDAP user folder??... In fact, the manager should only be used for server administrative tasks, we use it to get system account information into the LDAP directory. I need to know if there is a way for me to achieve the same WITHOUT specifying the Manager DN within the LDAPUserFolder !!!! .... would be helpful if I get some guidance :-) ...!!!! Thanks once again, Kris :-)