From babc993ef7c95ac05c4f75370da1c9effaa4df37 Mon Sep 17 00:00:00 2001
From: Kurt Zeilenga <kurt@openldap.org>
Date: Thu, 18 Dec 2003 17:32:30 +0000
Subject: [PATCH] clarify default access control policy

---
 servers/slapd/slapd.conf | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/servers/slapd/slapd.conf b/servers/slapd/slapd.conf
index 0bdbe73065..6ea1eab79d 100644
--- a/servers/slapd/slapd.conf
+++ b/servers/slapd/slapd.conf
@@ -42,10 +42,11 @@ argsfile	%LOCALSTATEDIR%/slapd.args
 #	by users read
 #	by anonymous auth
 #
-# if no access controls are present, the default policy is:
-#	Allow read by all
+# if no access controls are present, the default policy
+# allows anyone and everyone to read anything but restricts
+# updates to rootdn.  (e.g., "access to * by * read")
 #
-# rootdn can always write!
+# rootdn can always read and write EVERYTHING!
 
 #######################################################################
 # ldbm database definitions
-- 
2.39.5