An attribute type can not, should not be both userApplication and operational usages. While I don't necessarily object to a syntax extension, I would object to overloading the ldapACI attribute type with userApplication usage. At 10:33 AM 2/20/01 -0800, Bruce Greenblatt wrote: >As promised, attached are my proposed modifications to the ACL draft to support application defined permissions. > >Bruce >