is performed with the
.B rootdn
identity; all the operations, when performed with any other identity,
-may be subjected to constraints, like access control.
+may be subjected to constraints, like access control. This overlay
+requires a rootdn to be configured on the database.
.P
Note that the IETF Password Policy proposal for LDAP makes sense
when considering a single-valued password attribute, while