Hi, my position to this bug is written down in the bugtracker and I don't consider this a bug. Any opinions about what to do with it? It would apply to virtually any kind of web application accessing some kind of database/ldap passwords somewhere in the filesystem. This is a simulated problem - or maybe someone wants to implement built-in ACL support for (at least) the 4 major LDAP servers? Thanks, Cajus