We have a ACS which autenticates RAS users in a LDAP, we have internal and external users which hang on the same LDAP branch, we want to configure a pattern, because the internal users all start with the same characters. We have seen that it is posible to configure a Filter Domain (Prefix) and in the Domain Markup and the pattern that should comply with the users. The problem is that the users can start with (U010*, U011*, U012*, U013*), how can I configure that all users can login that start with these characters. Meanwhile the others that contain other character not be able to login. We also want to force the users to change there passwords at the start of the session if they blocked out. Can the ACS reset the password of a LDAP user? The LDAP version is Netscape Directory.