From: Kurt Zeilenga <kurt@openldap.org>
Date: Thu, 18 Dec 2003 17:32:30 +0000 (+0000)
Subject: clarify default access control policy
X-Git-Tag: OPENLDAP_REL_ENG_2_1_MP~148
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=babc993ef7c95ac05c4f75370da1c9effaa4df37;p=openldap

clarify default access control policy
---

diff --git a/servers/slapd/slapd.conf b/servers/slapd/slapd.conf
index 0bdbe73065..6ea1eab79d 100644
--- a/servers/slapd/slapd.conf
+++ b/servers/slapd/slapd.conf
@@ -42,10 +42,11 @@ argsfile	%LOCALSTATEDIR%/slapd.args
 #	by users read
 #	by anonymous auth
 #
-# if no access controls are present, the default policy is:
-#	Allow read by all
+# if no access controls are present, the default policy
+# allows anyone and everyone to read anything but restricts
+# updates to rootdn.  (e.g., "access to * by * read")
 #
-# rootdn can always write!
+# rootdn can always read and write EVERYTHING!
 
 #######################################################################
 # ldbm database definitions