diff --git a/lam/lib/modules.inc b/lam/lib/modules.inc
index 1ef80329..837df79c 100644
--- a/lam/lib/modules.inc
+++ b/lam/lib/modules.inc
@@ -875,7 +875,7 @@ class accountContainer {
 				exit;
 			}
 			// module actions
-			if (sizeof($_POST) > 0) {
+			if ((sizeof($_POST) > 0) && checkIfWriteAccessIsAllowed()) {
 				$result = call_user_func(array(&$this->module[$this->order[$this->current_page]], 'process_'.$this->subpage));
 				if (is_array($result)) {  // messages were returned, check for errors
 					for ($i = 0; $i < sizeof($result); $i++) {
diff --git a/lam/lib/tree.inc b/lam/lib/tree.inc
index adf2707d..b8302dfa 100644
--- a/lam/lib/tree.inc
+++ b/lam/lib/tree.inc
@@ -86,9 +86,12 @@ function draw_server_tree()
 			echo '<nobr>';
 			echo '( ';
 			echo '<a title="' . _('Refresh') . '"'.
-				' href="' . $refresh_href . '">' . _('Refresh') . '</a> | ';
-			echo '<a title="' . _('Create new entry') . '"'.
-					' href="' . $create_href . '" target="right_frame">' . _('Create new entry') . '</a>';
+				' href="' . $refresh_href . '">' . _('Refresh') . '</a>';
+			if (checkIfWriteAccessIsAllowed()) {
+				echo ' | ';
+				echo '<a title="' . _('Create new entry') . '"'.
+						' href="' . $create_href . '" target="right_frame">' . _('Create new entry') . '</a>';
+			}
 			echo ' )</nobr></td></tr>';
 
 			// Fetch and display the base DN for this server
@@ -147,13 +150,15 @@ function draw_server_tree()
 			if( isset( $tree[$base_dn] ) && is_array( $tree[$base_dn] ) ) {
 				foreach( $tree[ $base_dn ] as $child_dn )
 					draw_tree_html( $child_dn, 0 );
-					echo '<tr><td class="spacer"></td>';
-					echo '<td class="icon"><a href="' . $create_href .
-						'" target="right_frame"><img src="../../graphics/star.png" alt="' . 
-						_('Create new entry') . '" /></a></td>';
-					echo '<td class="create" colspan="100"><a href="' . $create_href
-						. '" target="right_frame" title="' . _('Create new entry')
-						. ' ' . $base_dn.'">' . _('Create new entry') . '</a></td></tr>';
+					if (checkIfWriteAccessIsAllowed()) {
+						echo '<tr><td class="spacer"></td>';
+						echo '<td class="icon"><a href="' . $create_href .
+							'" target="right_frame"><img src="../../graphics/star.png" alt="' . 
+							_('Create new entry') . '" /></a></td>';
+						echo '<td class="create" colspan="100"><a href="' . $create_href
+							. '" target="right_frame" title="' . _('Create new entry')
+							. ' ' . $base_dn.'">' . _('Create new entry') . '</a></td></tr>';
+					}
 			}
 
 }
diff --git a/lam/templates/tree/add_attr.php b/lam/templates/tree/add_attr.php
index 183bc029..a6d504bc 100644
--- a/lam/templates/tree/add_attr.php
+++ b/lam/templates/tree/add_attr.php
@@ -59,6 +59,9 @@ include_once('../../lib/account.inc');
 // start session
 startSecureSession();
 
+// die if no write access
+if (!checkIfWriteAccessIsAllowed()) die();
+
 setlanguage();
 
 $attr = $_POST['attr'];
diff --git a/lam/templates/tree/add_oclass.php b/lam/templates/tree/add_oclass.php
index 6bce3b10..987b0e7e 100644
--- a/lam/templates/tree/add_oclass.php
+++ b/lam/templates/tree/add_oclass.php
@@ -59,6 +59,9 @@ include_once('../../lib/status.inc');
 // start session
 startSecureSession();
 
+// die if no write access
+if (!checkIfWriteAccessIsAllowed()) die();
+
 setlanguage();
 
 $dn = rawurldecode( $_POST['dn'] );
diff --git a/lam/templates/tree/add_oclass_form.php b/lam/templates/tree/add_oclass_form.php
index 1881c314..4fb0b8d1 100644
--- a/lam/templates/tree/add_oclass_form.php
+++ b/lam/templates/tree/add_oclass_form.php
@@ -60,6 +60,9 @@ include_once('../../lib/status.inc');
 // start session
 startSecureSession();
 
+// die if no write access
+if (!checkIfWriteAccessIsAllowed()) die();
+
 setlanguage();
 
 $dn = rawurldecode( $_POST['dn'] );
diff --git a/lam/templates/tree/add_value.php b/lam/templates/tree/add_value.php
index e1ca3e8b..97bb169d 100644
--- a/lam/templates/tree/add_value.php
+++ b/lam/templates/tree/add_value.php
@@ -59,6 +59,9 @@ include_once('../../lib/status.inc');
 // start session
 startSecureSession();
 
+// die if no write access
+if (!checkIfWriteAccessIsAllowed()) die();
+
 setlanguage();
 
 $dn = rawurldecode( $_POST['dn'] );
diff --git a/lam/templates/tree/create.php b/lam/templates/tree/create.php
index 76c311ea..48fe062a 100644
--- a/lam/templates/tree/create.php
+++ b/lam/templates/tree/create.php
@@ -59,6 +59,9 @@ include_once('../../lib/status.inc');
 // start session
 startSecureSession();
 
+// die if no write access
+if (!checkIfWriteAccessIsAllowed()) die();
+
 setlanguage();
 
 $new_dn = isset( $_POST['new_dn'] ) ? $_POST['new_dn'] : null;
diff --git a/lam/templates/tree/delete.php b/lam/templates/tree/delete.php
index ae72a423..68345d72 100644
--- a/lam/templates/tree/delete.php
+++ b/lam/templates/tree/delete.php
@@ -54,6 +54,9 @@ include_once('../../lib/status.inc');
 // start session
 startSecureSession();
 
+// die if no write access
+if (!checkIfWriteAccessIsAllowed()) die();
+
 setlanguage();
 
 echo $_SESSION['header'];
diff --git a/lam/templates/tree/delete_attr.php b/lam/templates/tree/delete_attr.php
index 9095f5b5..16cad44d 100644
--- a/lam/templates/tree/delete_attr.php
+++ b/lam/templates/tree/delete_attr.php
@@ -54,6 +54,9 @@ include_once('../../lib/status.inc');
 // start session
 startSecureSession();
 
+// die if no write access
+if (!checkIfWriteAccessIsAllowed()) die();
+
 setlanguage();
 
 $dn = $_POST['dn'] ;
diff --git a/lam/templates/tree/edit.php b/lam/templates/tree/edit.php
index 4f37047d..8c3bb270 100644
--- a/lam/templates/tree/edit.php
+++ b/lam/templates/tree/edit.php
@@ -109,13 +109,16 @@ echo "</head>\n";
 </tr>
 
 <tr>
+<?php if (checkIfWriteAccessIsAllowed()) { ?>
 	<td class="icon"><img src="../../graphics/delete.gif" /></td>
 	<td><a style="color: red" href="delete_form.php?dn=<?php echo $encoded_dn; ?>">
 	<?php echo _('Delete'); ?></a></td>
+<?php } ?>
 	<td class="icon"><img src="../../graphics/save.png" /></td>
 	<td><a href="export_form.php?dn=<?php echo $encoded_dn; ?>">
 	<?php echo _('Export'); ?></a></td>
 </tr>
+<?php if (checkIfWriteAccessIsAllowed()) { ?>
 <tr>
     	<td class="icon"><img src="../../graphics/light.png" /></td>
     	<td colspan="3"><span class="tree_hint"><?php echo _('Hint: To delete an attribute, empty the text field and click save.'); ?></span></td>
@@ -126,6 +129,7 @@ echo "</head>\n";
 	<td class="icon"><img src="../../graphics/add.png" /></td>
 	<td><a href="<?php echo "add_attr_form.php?dn=$encoded_dn"; ?>"><?php echo _('Add new attribute'); ?></a></td>
 </tr>
+<?php } ?>
 
 
 <?php flush(); ?>
@@ -483,7 +487,7 @@ foreach( $attrs as $attr => $vals ) {
 		/* Draw the "add value" link under the list of values for this attributes */
 
 		if(	( $schema_attr = get_schema_attribute( $attr, $dn ) ) &&
-			! $schema_attr->getIsSingleValue() )
+			! $schema_attr->getIsSingleValue() && checkIfWriteAccessIsAllowed() )
 		{ 
 			$add_href = "add_value_form.php?dn=$encoded_dn&amp;attr=" . rawurlencode( $attr ); 
 			echo "<div class=\"add_value\">(<a href=\"$add_href\">" . 
@@ -504,8 +508,10 @@ foreach( $attrs as $attr => $vals ) {
 	flush();
 
 } /* End foreach( $attrs as $attr => $vals ) */ ?>
-
-	<tr><td colspan="2"><center><input type="submit" value="<?php echo _('Save'); ?>" /></center></td></tr></form>
+	<?php if (checkIfWriteAccessIsAllowed()) { ?>
+		<tr><td colspan="2"><center><input type="submit" value="<?php echo _('Save'); ?>" /></center></td></tr>
+	<?php } ?>
+	</form>
 	
 <?php 
 ?>
diff --git a/lam/templates/tree/rdelete.php b/lam/templates/tree/rdelete.php
index d68315ca..52a97f0a 100644
--- a/lam/templates/tree/rdelete.php
+++ b/lam/templates/tree/rdelete.php
@@ -53,6 +53,9 @@ include_once('../../lib/status.inc');
 // start session
 startSecureSession();
 
+// die if no write access
+if (!checkIfWriteAccessIsAllowed()) die();
+
 setlanguage();
 
 echo $_SESSION['header'];
diff --git a/lam/templates/tree/tree.php b/lam/templates/tree/tree.php
index 69293c82..b6dd0819 100644
--- a/lam/templates/tree/tree.php
+++ b/lam/templates/tree/tree.php
@@ -174,6 +174,9 @@ function draw_tree_html( $dn, $level = 0 )
 
 function draw_create_link( $rdn, $level, $encoded_dn )
 {
+	if (!checkIfWriteAccessIsAllowed()) {
+		return;
+	}
     // print the "Create New object" link.
     $create_html = "";
     $create_href = "create_form.php?container=$encoded_dn";
diff --git a/lam/templates/tree/update.php b/lam/templates/tree/update.php
index 9be7d656..a90fe3f4 100644
--- a/lam/templates/tree/update.php
+++ b/lam/templates/tree/update.php
@@ -65,6 +65,9 @@ include_once('../../lib/ldap.inc');
 // start session
 startSecureSession();
 
+// die if no write access
+if (!checkIfWriteAccessIsAllowed()) die();
+
 setlanguage();
 
 $dn = $_POST['dn'];
diff --git a/lam/templates/tree/update_confirm.php b/lam/templates/tree/update_confirm.php
index 4592b84a..ffe5336f 100644
--- a/lam/templates/tree/update_confirm.php
+++ b/lam/templates/tree/update_confirm.php
@@ -55,6 +55,9 @@ include_once('../../lib/account.inc');
 // start session
 startSecureSession();
 
+// die if no write access
+if (!checkIfWriteAccessIsAllowed()) die();
+
 setlanguage();
 
 $dn = $_POST['dn'];