diff --git a/acls b/acls
index f796202..f0ec907 100644
--- a/acls
+++ b/acls
@@ -7,4 +7,6 @@ acl * self * +a;
 # admins at fefe.de can write in their tree
 acl (dn=*ou=admin,d=fefe,c=de) (dn=*,d=fefe,c=de) * +rwdR;
 # everyone can read everything else
-acl * * * +r;
+#acl * * * +r;
+# authenticated users can read everything else
+acl (dn=*) * * +r;
diff --git a/asn1dump.c b/asn1dump.c
index 7503f8e..2ec2b11 100644
--- a/asn1dump.c
+++ b/asn1dump.c
@@ -3,6 +3,7 @@
 #include <stdlib.h>
 #include "asn1.h"
 #include "mmap.h"
+#include <ctype.h>
 
 #include "printasn1.c"
 
@@ -11,7 +12,7 @@ int main(int argc,char* argv[]) {
   size_t l;
 
   if (argc<2) {
-    printf("usage: asn1dump filename\n");
+    puts("usage: asn1dump filename");
     return 0;
   }
   buf=mmap_read(argv[1],&l);
diff --git a/fmt_ldapadl.c b/fmt_ldapadl.c
index be4e647..c8ba076 100644
--- a/fmt_ldapadl.c
+++ b/fmt_ldapadl.c
@@ -1,7 +1,7 @@
 #include "ldap.h"
 
-static size_t doit(char* dest,struct AttributeDescriptionList* adl,int seq) {
-  struct AttributeDescriptionList* x=adl;
+static size_t doit(char* dest,const struct AttributeDescriptionList* adl,int seq) {
+  const struct AttributeDescriptionList* x=adl;
   size_t sum=0,tmp;
   while (x) {
     sum+=fmt_asn1OCTETSTRING(0,0,x->a.l);
@@ -23,10 +23,10 @@ static size_t doit(char* dest,struct AttributeDescriptionList* adl,int seq) {
   return sum;
 }
 
-size_t fmt_ldapadl(char* dest,struct AttributeDescriptionList* adl) {
+size_t fmt_ldapadl(char* dest,const struct AttributeDescriptionList* adl) {
   return doit(dest,adl,1);
 }
 
-size_t fmt_ldapavl(char* dest,struct AttributeDescriptionList* adl) {
+size_t fmt_ldapavl(char* dest,const struct AttributeDescriptionList* adl) {
   return doit(dest,adl,0);
 }
diff --git a/fmt_ldapava.c b/fmt_ldapava.c
index 5640472..956e5b2 100644
--- a/fmt_ldapava.c
+++ b/fmt_ldapava.c
@@ -1,6 +1,6 @@
 #include "ldap.h"
 
-size_t fmt_ldapava(char* dest,struct AttributeValueAssertion* a) {
+size_t fmt_ldapava(char* dest,const struct AttributeValueAssertion* a) {
   size_t sum,l;
   sum=fmt_ldapstring(dest,&a->desc);
   if (dest) dest+=sum;
diff --git a/fmt_ldapbindrequest.c b/fmt_ldapbindrequest.c
index 6018737..88c2243 100644
--- a/fmt_ldapbindrequest.c
+++ b/fmt_ldapbindrequest.c
@@ -3,7 +3,7 @@
 #include "str.h"
 #include "rangecheck.h"
 
-size_t fmt_ldapbindrequest(char* dest,long version,char* name,char* simple) {
+size_t fmt_ldapbindrequest(char* dest,long version,const char* name,const char* simple) {
   size_t l,sum;
   size_t nlen=str_len(name);
   sum=l=fmt_asn1INTEGER(dest,version);
diff --git a/fmt_ldapdeleterequest.c b/fmt_ldapdeleterequest.c
index ffddc3a..7690996 100644
--- a/fmt_ldapdeleterequest.c
+++ b/fmt_ldapdeleterequest.c
@@ -2,7 +2,7 @@
 #include "ldap.h"
 #include "byte.h"
 
-size_t fmt_ldapdeleterequest(char* dest,struct string* s) {
+size_t fmt_ldapdeleterequest(char* dest,const struct string* s) {
   if (dest) byte_copy(dest,s->l,s->s);
   return s->l;
 }
diff --git a/fmt_ldappal.c b/fmt_ldappal.c
index fc519ae..1a6bef3 100644
--- a/fmt_ldappal.c
+++ b/fmt_ldappal.c
@@ -1,6 +1,6 @@
 #include "ldap.h"
 
-size_t fmt_ldappal(char* dest,struct PartialAttributeList* pal) {
+size_t fmt_ldappal(char* dest,const struct PartialAttributeList* pal) {
 //  int l,l2,sum;
   size_t sum,l,l2;
   if (!pal) return 0;
diff --git a/fmt_ldapresult.c b/fmt_ldapresult.c
index b62b15b..a2fa6e0 100644
--- a/fmt_ldapresult.c
+++ b/fmt_ldapresult.c
@@ -1,7 +1,7 @@
 #include "ldap.h"
 #include "str.h"
 
-size_t fmt_ldapresult(char* dest,long result,char* matcheddn,char* errormessage,char* referral) {
+size_t fmt_ldapresult(char* dest,long result,const char* matcheddn,const char* errormessage,const char* referral) {
   size_t l,sum=0,nlen;
   sum=l=fmt_asn1ENUMERATED(dest,result);
   if (dest) dest+=l;
diff --git a/fmt_ldapsearchfilter.c b/fmt_ldapsearchfilter.c
index 6c2f2c1..bbd2c55 100644
--- a/fmt_ldapsearchfilter.c
+++ b/fmt_ldapsearchfilter.c
@@ -16,7 +16,7 @@
                 extensibleMatch [9] MatchingRuleAssertion }
 */
 
-size_t fmt_ldapsubstring(char* dest,struct Substring* s) {
+size_t fmt_ldapsubstring(char* dest,const struct Substring* s) {
   size_t sum=0,tmp=0;
   while (s) {
     tmp=fmt_asn1string(dest,PRIVATE,PRIMITIVE,s->substrtype,s->s.s,s->s.l);
@@ -26,7 +26,7 @@ size_t fmt_ldapsubstring(char* dest,struct Substring* s) {
   return sum;
 }
 
-size_t fmt_ldapsearchfilter(char* dest,struct Filter* f) {
+size_t fmt_ldapsearchfilter(char* dest,const struct Filter* f) {
   size_t sum=0,tmp,savesum;
   if (!f)
     return 0;
diff --git a/fmt_ldapsearchfilterstring.c b/fmt_ldapsearchfilterstring.c
index a4fa1aa..6151609 100644
--- a/fmt_ldapsearchfilterstring.c
+++ b/fmt_ldapsearchfilterstring.c
@@ -3,7 +3,7 @@
 #include "str.h"
 #include "ldap.h"
 
-size_t fmt_ldapsearchfilterstring(char* dest,struct Filter* f) {
+size_t fmt_ldapsearchfilterstring(char* dest,const struct Filter* f) {
   size_t len;
   len = fmt_str(dest,"(");
   switch (f->type) {
diff --git a/fmt_ldapsearchrequest.c b/fmt_ldapsearchrequest.c
index 3dbac1e..3792f05 100644
--- a/fmt_ldapsearchrequest.c
+++ b/fmt_ldapsearchrequest.c
@@ -1,6 +1,6 @@
 #include "ldap.h"
 
-size_t fmt_ldapsearchrequest(char* dest,struct SearchRequest* sr) {
+size_t fmt_ldapsearchrequest(char* dest,const struct SearchRequest* sr) {
   size_t l,sum=0;
   sum=fmt_ldapstring(dest,&sr->baseObject);
   if (dest) dest+=sum;
diff --git a/fmt_ldapsearchresultentry.c b/fmt_ldapsearchresultentry.c
index 6fbe2bf..3a30b53 100644
--- a/fmt_ldapsearchresultentry.c
+++ b/fmt_ldapsearchresultentry.c
@@ -1,6 +1,6 @@
 #include "ldap.h"
 
-size_t fmt_ldapsearchresultentry(char* dest,struct SearchResultEntry* sre) {
+size_t fmt_ldapsearchresultentry(char* dest,const struct SearchResultEntry* sre) {
   size_t l,sum=0;
   sum=fmt_ldapstring(dest,&sre->objectName);
   if (dest) dest+=sum;
diff --git a/fmt_ldapstring.c b/fmt_ldapstring.c
index ffc3632..48dd546 100644
--- a/fmt_ldapstring.c
+++ b/fmt_ldapstring.c
@@ -1,5 +1,5 @@
 #include "ldap.h"
 
-size_t fmt_ldapstring(char* dest,struct string* s) {
+size_t fmt_ldapstring(char* dest,const struct string* s) {
   return fmt_asn1OCTETSTRING(dest,s->s,s->l);
 }
diff --git a/ldap.h b/ldap.h
index ef70fae..e121904 100644
--- a/ldap.h
+++ b/ldap.h
@@ -182,21 +182,21 @@ size_t scan_ldapsearchfilterstring(const char* src,struct Filter** f);
 size_t scan_ldapdeleterequest(const char* src,const char* max,struct string* s);
 size_t scan_ldapmodifydnrequest(const char* src,const char* max,struct ModifyDNRequest* mdr);
 
-size_t fmt_ldapstring(char* dest,struct string* s);
+size_t fmt_ldapstring(char* dest,const struct string* s);
 size_t fmt_ldapmessage(char* dest,long messageid,long op,size_t len);
-size_t fmt_ldapbindrequest(char* dest,long version,char* name,char* simple);
-size_t fmt_ldapsearchfilter(char* dest,struct Filter* f);
-size_t fmt_ldapsearchrequest(char* dest,struct SearchRequest* s);
-size_t fmt_ldapsearchresultentry(char* dest,struct SearchResultEntry* sre);
-size_t fmt_ldapresult(char* dest,long result,char* matcheddn,char* errormessage,char* referral);
-size_t fmt_ldappal(char* dest,struct PartialAttributeList* pal);
-size_t fmt_ldapava(char* dest,struct AttributeValueAssertion* a);
-size_t fmt_ldapadl(char* dest,struct AttributeDescriptionList* adl);
-size_t fmt_ldapavl(char* dest,struct AttributeDescriptionList* adl);
-size_t fmt_ldapmodifyrequest(char* dest,struct ModifyRequest* m);
-size_t fmt_ldapsearchfilterstring(char* dest,struct Filter* f);
-size_t fmt_ldapdeleterequest(char* dest,struct string* s);
-size_t fmt_ldapmodifydnrequest(char* dest,struct ModifyDNRequest* mdr);
+size_t fmt_ldapbindrequest(char* dest,long version,const char* name,const char* simple);
+size_t fmt_ldapsearchfilter(char* dest,const struct Filter* f);
+size_t fmt_ldapsearchrequest(char* dest,const struct SearchRequest* s);
+size_t fmt_ldapsearchresultentry(char* dest,const struct SearchResultEntry* sre);
+size_t fmt_ldapresult(char* dest,long result,const char* matcheddn,const char* errormessage,const char* referral);
+size_t fmt_ldappal(char* dest,const struct PartialAttributeList* pal);
+size_t fmt_ldapava(char* dest,const struct AttributeValueAssertion* a);
+size_t fmt_ldapadl(char* dest,const struct AttributeDescriptionList* adl);
+size_t fmt_ldapavl(char* dest,const struct AttributeDescriptionList* adl);
+size_t fmt_ldapmodifyrequest(char* dest,const struct ModifyRequest* m);
+size_t fmt_ldapsearchfilterstring(char* dest,const struct Filter* f);
+size_t fmt_ldapdeleterequest(char* dest,const struct string* s);
+size_t fmt_ldapmodifydnrequest(char* dest,const struct ModifyDNRequest* mdr);
 
 #define fmt_ldapbindresponse(a,b,c,d,e) fmt_ldapresult(a,b,c,d,e)
 #define fmt_ldapsearchresultdone(a,b,c,d,e) fmt_ldapresult(a,b,c,d,e)