X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=doc%2Fman%2Fman5%2Fslapd-dnssrv.5;h=ad00bac2d6a760da640b651e88a5e11b55a67efe;hb=6dda3642762f983a3bfe4c3c7f4fc4366d5e846e;hp=c4afb8590878520bc6f316f7baad8be7c0bbda7e;hpb=7d958d9773e2b5ea81fe07518eadd8e92e2f56d2;p=openldap

diff --git a/doc/man/man5/slapd-dnssrv.5 b/doc/man/man5/slapd-dnssrv.5
index c4afb85908..ad00bac2d6 100644
--- a/doc/man/man5/slapd-dnssrv.5
+++ b/doc/man/man5/slapd-dnssrv.5
@@ -17,6 +17,21 @@ This backend is experimental.
 The DNSSRV backend has no backend nor database specific options.
 It is configured simply by "database dnssrv" followed a suffix
 directive, e.g. suffix "".
+.SH ACCESS CONTROL
+The
+.B dnssrv
+backend does not honor all ACL semantics as described in
+.BR slapd.access (5).
+In fact, this backend only implements the
+.B search
+operation when the
+.B manageDSAit
+control (RFC3296) is used, otherwise for every operation a referral,
+whenever appropriate, or an error is returned.
+Currently, there is no means to condition the returning of the referral
+by means of ACLs; no access control is implemented, except for 
+.B read (=r)
+access to the returned entries, which is actually provided by the frontend.
 .SH FILES
 .TP
 ETCDIR/slapd.conf