clarify default access control policy

author Kurt Zeilenga <kurt@openldap.org>

Thu, 18 Dec 2003 17:32:30 +0000 (17:32 +0000)

committer Kurt Zeilenga <kurt@openldap.org>

Thu, 18 Dec 2003 17:32:30 +0000 (17:32 +0000)
author Kurt Zeilenga <kurt@openldap.org>
Thu, 18 Dec 2003 17:32:30 +0000 (17:32 +0000)
committer Kurt Zeilenga <kurt@openldap.org>
Thu, 18 Dec 2003 17:32:30 +0000 (17:32 +0000)
diff --git a/servers/slapd/slapd.conf b/servers/slapd/slapd.conf

index 0bdbe7306571944c77ad044a0abb99c26175faad..6ea1eab79d976e5c4b89bba317fda09a9c25678c 100644 (file)
--- a/servers/slapd/slapd.conf
+++ b/servers/slapd/slapd.conf
@@ -42,10 +42,11 @@ argsfile    %LOCALSTATEDIR%/slapd.args
  #      by users read
  #      by anonymous auth
  #
-# if no access controls are present, the default policy is:
-#      Allow read by all
+# if no access controls are present, the default policy
+# allows anyone and everyone to read anything but restricts
+# updates to rootdn.  (e.g., "access to * by * read")
  #
-# rootdn can always write!
+# rootdn can always read and write EVERYTHING!
  
  #######################################################################
  # ldbm database definitions
author	Kurt Zeilenga <kurt@openldap.org>
	Thu, 18 Dec 2003 17:32:30 +0000 (17:32 +0000)
committer	Kurt Zeilenga <kurt@openldap.org>
	Thu, 18 Dec 2003 17:32:30 +0000 (17:32 +0000)