John Keimel <jkeimel at bowdoin.edu> wrote: > What we'd rather do is allow access based on the value of access_attr . > So rather than just allowing if it exists, we might later pass on some > extra rights to people in different groups. vpntype: foo or > vpntype: bar vpntype: baz - whatever those values might be. Use LDAP-Group. Alan DeKok.