clearly indicate what the default rules are

a9f2f12b · Pierangelo Masarati · ff871313 · a9f2f12b · a9f2f12b
Commit a9f2f12b authored 20 years ago by Pierangelo Masarati
--- a/doc/man/man5/slapd.access.5
+++ b/doc/man/man5/slapd.access.5
@@ -52,6 +52,11 @@ directives are defined for a backend or those which are defined are
 not applicable, the directives from the global configuration section
 are then used.
 .LP
+If no access controls are present, the default policy
+allows anyone and everyone to read anything but restricts
+updates to rootdn.  (e.g., "access to * by * read").
+The rootdn can always read and write EVERYTHING!
+.LP
 For entries not held in any backend (such as a root DSE), the
 directives of the first backend (and any global directives) are
 used.

--- a/doc/man/man5/slapd.conf.5
+++ b/doc/man/man5/slapd.conf.5
@@ -79,6 +79,10 @@ actual text are shown in brackets <>.
 Grant access (specified by <access>) to a set of entries and/or
 attributes (specified by <what>) by one or more requestors (specified
 by <who>).
+If no access controls are present, the default policy
+allows anyone and everyone to read anything but restricts
+updates to rootdn.  (e.g., "access to * by * read").
+The rootdn can always read and write EVERYTHING!
 See
 .BR slapd.access (5)
 and the "OpenLDAP's Administrator's Guide" for details.