On 01/31/2014 05:49 PM, quanah@OpenLDAP.org wrote:

Full_Name: Quanah Gibson-Mount Version: 2.4.39 OS: Linux 2.6 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (75.111.58.125)

The documentation in the Admin guide and the man pages for the "manage" ACL setting has virtual no documentation. The only definitive statement is a very vague:

" thus manage grants all access including administrative access"

What does administrative access mean?

It allows write when write is granted and the "relax" control is present. In practice, those who have "manage" access can perform those normally "prohibited" operations described in draft-zeilenga-ldap-relax.

p.