Clarify new "entry" ACLs

diff --git a/doc/guide/admin/slapdconfig.sdf b/doc/guide/admin/slapdconfig.sdf
index 1e653232ec171aff779438b9f923f491100eeb69..f7ed62772dcfd6fc4c1e5e6a169d3c7029f7fee8 100644 (file)
--- a/doc/guide/admin/slapdconfig.sdf
+++ b/doc/guide/admin/slapdconfig.sdf
@@ -650,11 +650,13 @@ There are two special {{psuedo}} attributes {{EX:entry}} and
 {{EX:children}}.  To read (and hence return) an target entry, the
 subject must have {{EX:read}} access to the target's {{entry}}
 attribute.  To add or delete an entry, the subject must have
-{{EX:write}} access to the entry's parent's {{EX:children}} attribute.
-To rename an entry, the subject must have {{EX:write}} access to
-both the old parent's and new parent's {{EX:children}} attributes.
-The complete examples at the end of this section should help clear
-things up.
+{{EX:write}} access to the entry's {{EX:entry}} attribute AND must
+have {{EX:write}} access to the entry's parent's {{EX:children}}
+attribute.  To rename an entry, the subject must have {{EX:write}}
+access to entry's {{EX:entry}} attribute AND have {{EX:write}}
+access to both the old parent's and new parent's {{EX:children}}
+attributes.  The complete examples at the end of this section should
+help clear things up.
 
 Lastly, there is a special entry selector {{EX:"*"}} that is used to
 select any entry.  It is used when no other {{EX:<what>}}