Hum, the translucent overlay allows a user who's not on my local db to log in -> I don't want to write up ACLs for some thousands of users!!! Well, I guess I did find the way that best suits my needs, using the "rwm-rewriteMap" command:
########################
rwm-rewriteMap ldap uid2dn "ldap://remote-ldap.example.com:389/ou=people,dc=example,dc=com?dn?sub"
rwm-rewriteRule "^uid=([^,]+),cn=users,dc=local,dc=example,dc=com$" "${uid2dn((&(objectClass=posixAccount)(uid=$1)))}" ":@I"
########################

That does all I wanted it to ^^

Thanks for the support,
Frava.
