Initializing ACLs with schema entry
When the LDAP server is started for the first time, it creates the LDAP server
schema entry, cn=schema. The entry is created with the same initial ACL as a TDBM
or LDBM suffix, which allows read access to anyone. Therefore, only an LDAP root or
schema administrator can update the schema. The aclEntry and entryOwner
values can be modified.