Hi, isolate policies using virtual servers and use unlang to define the return attributes rather than the users file. (why the two ldap instances? different people allowed to use eduroam?) alan