On 23/3/2012 11:44 πμ, stefano wrote:
Do i have to specify it or the administrator has the access right to every attribute?
Quote from: http://www.openldap.org/doc/admin24/access-control.html :
"Regardless of what access control policy is defined, the rootdn is always allowed full rights (i.e. auth, search, compare, read and write) on everything and anything.
As a consequence, it's useless (and results in a performance penalty) to explicitly list the rootdn among the <by> clauses."
Nick