Hello folks,

I have a quick query, I'm using openldap with ppolicy. I'm using following ACL just to test things right, I came across the issue, for which I'm unable to find appropriate answers:

ACL used:

---
access to * by * manage
---

1. How to restrict ldappasswd command to clear the pwdReset flag to user's entry ?
2. Can some other users (member of group) can work rootdn (bypass ppolicy like rootdn but it should apply to their account itself) ?
3. Other question is about ACL is "What's the difference between ACL "write" and "manage" access"

write             =wrscdx          needed to modify/rename
manage        =mwrscdx        needed to manage

I'm not able to determine what access "manage" gives over and above "write" access.
I didn't find much info at openldap.org   access-control section.


Thank you.

Regards,