On 03/23/2012 11:37 AM, Nick Milas wrote:
On 23/3/2012 11:44 πμ, stefano wrote:

Do i have to specify it or the administrator has the access right to every attribute?

Quote from: http://www.openldap.org/doc/admin24/access-control.html :

"Regardless of what access control policy is defined, the rootdn is always allowed full rights (i.e. auth, search, compare, read and write) on everything and anything.

As a consequence, it's useless (and results in a performance penalty) to explicitly list the rootdn among the <by> clauses."

Nick


thanks!