From 9ba68f902da574386954f90d17f920d740f23b58 Mon Sep 17 00:00:00 2001
From: Pierangelo Masarati <ando@openldap.org>
Date: Mon, 18 Jul 2005 17:24:07 +0000
Subject: [PATCH] provide a useful example

---
 doc/man/man5/slapd.access.5 | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/doc/man/man5/slapd.access.5 b/doc/man/man5/slapd.access.5
index 8eea8a1b8d..7413ee6e07 100644
--- a/doc/man/man5/slapd.access.5
+++ b/doc/man/man5/slapd.access.5
@@ -806,6 +806,25 @@ or the (even more silly) example
 .LP
 which grants everybody search and compare privileges, and adds read
 privileges to authenticated clients.
+.LP
+One useful application is to easily grant write privileges to an
+.B updatedn
+that is different from the
+.BR rootdn .
+In this case, since the
+.B updatedn
+needs write access to (almost) all data, one can use
+.LP
+.nf
+	access to *
+		by dn.exact="cn=The Update DN,dc=example,dc=com" write
+		by * break
+.fi
+.LP
+as the first access rule.
+As a consequence, unless the operation is performed with the 
+.B updatedn
+identity, control is passed straight to the subsequent rules.
 .SH OPERATION REQUIREMENTS
 Operations require different privileges on different portions of entries.
 The following summary applies to primary database backends such as
-- 
2.39.5