On 03/23/2012 11:37 AM, Nick Milas wrote:
On
23/3/2012 11:44 πμ, stefano wrote:
Do i have to specify it or the
administrator has the access right to every attribute?
Quote from:
http://www.openldap.org/doc/admin24/access-control.html :
"Regardless of what access control policy is defined, the rootdn
is always allowed full rights (i.e. auth, search, compare, read
and write) on everything and anything.
As a consequence, it's useless (and results in a performance
penalty) to explicitly list the rootdn among the <by>
clauses."
Nick
thanks!