The short question: Shouldn't a user created in the acl_users folder at the root with Manager be able to do all the things that the user created in ZOPE_ROOT/access? If not, what is the difference? The long explanation: If I create an index_html in / that just does: <!--#var standard_html_header--> <dtml-tree> <dtml-var id> </dtml-tree> <!--#var standard_html_footer--> It will pop up a login when I go to it. If I log in as the user in my access file it works, if I login as the user created in in /acl_users with Manager - it get authorization failed. However, I can go to http://localhost/manage and login with the user in /acl_users and everything seems to work fine (except viewing /index_html.) I've written a product that lets you browse LDAP servers via the tree tag but I can' seem to make it so Anonymous can view the page. Please help! ^Roman