Add comment warn about unprotected root dse, cn=config, ....

tests/data/slapd-acl.conf

@@ -4,12 +4,15 @@
 include		./data/slapd.at.conf
 include		./data/slapd.oc.conf
 schemacheck	off
+pidfile     ./test-db/slapd.pid
+argsfile    ./test-db/slapd.args
 
 #######################################################################
 # ldbm database definitions
 #######################################################################
 
 database	ldbm
+cachesize	0
 suffix		"o=University of Michigan, c=US"
 directory	./test-db
 rootdn		"cn=Manager, o=University of Michigan, c=US"
@@ -18,19 +21,31 @@ index		cn,sn,uid	pres,eq,approx
 index		default		none
 lastmod		on
 defaultaccess	none
+
+#
+# normal installations should protect root dse,
+# cn=monitor, cn=schema, and cn=config
+#
+
 access		to attr=objectclass
 		by * read
-access		to attr=userpassword
+
+access		to filter="objectclass=person" attr=userpassword
 		by self write
-		by * compare
-access		to dn=".*,ou=Alumni Association,ou=People,o=University of Michigan,c=US"
-		by dn=".*,o=University of Michigan,c=US"
-		read
+		by anonymous auth
 		by * none
+
+access		to dn="^.*,ou=Alumni Association,ou=People,o=University of Michigan,c=US$"
+		by dn="^.*,o=University of Michigan,c=US$" read
+		by anonymous auth
+		by * none
+
 access		to attr=member
 		by dnattr=member selfwrite
 		by * read
+
 access		to filter="objectclass=rfc822mailgroup"
 		by dn="Bjorn Jensen,ou=Information Technology Division,ou=People,o=University of Michigan,c=US" write
 		by * read
+
 access		to * by * read