Hi list. Maybe this could be off-topic but here I think many have used OpenLDAP to unify yours authentication needs, allowing an unique username and password for all the corporate applications. My doubt is, which rules do you use to split all the user levels so that one user could be allowed to access app A but isn't allowed to access app B (think this about many apps)? Have you been using OU's to split user by app and copying them to each app that them must access? Using posix groups and filtering users by filters on each app? Thanks by the help. -- Cleber P. de Souza