clarify global ACL use

clarify root and subschema DSE ACLs

clarify global ACL use
63efc417 · Kurt Zeilenga · 3b147e92 · 63efc417
Commit 63efc417 authored 22 years ago by Kurt Zeilenga
--- a/doc/man/man5/slapd.access.5
+++ b/doc/man/man5/slapd.access.5
@@ -40,16 +40,20 @@ is as follows:
    ...
 .fi
 .LP
-Both the global configuration and each backend-specific section can contain
-access information.
-Backend-specific access control directives are used for those entries
-that belong to the backend, according to their naming context.
-In case no access control directives are defined for a backend, 
-the appropriate directives from the global configuration section
-are used.
-.LP
-Arguments that should be replaced by actual text are shown in brackets <>.
-The structure of the access control directives is
+Both the global configuration and each backend-specific section can
+contain access information.  Backend-specific access control
+directives are used for those entries that belong to the backend,
+according to their naming context.  In case no access control
+directives are defined for a backend or those which are defined are
+not applicable, the directives from the global configuration section
+are then used.
+.LP
+For entries not held in any backend (such as a root DSE), the
+directives of the first backend (and any global directives) are
+used.
+.LP
+Arguments that should be replaced by actual text are shown in
+brackets <>.  The structure of the access control directives is
 .TP
 .B access to <what> "[ by <who> <access> [ <control> ] ]+"
 Grant access (specified by