ando@sys-net.it wrote: All in all, this seems a bit overkill for the purpose. It seems enough to simply apply usual value matching rules of regular ACLs for regular attributes. I've committed a fix to HEAD code, please test. Use "regex" style to match the prefix hash mech, like val.regex="^[{]SSHA[}]". p. SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497