- EntryACI

Entry ACI are access controls added to entries to protect that entry specifically. Meaning the protected entry is the entry where the ACI resides. When performing an operation on an entry, ApacheDS checks for the presence of the multivalued operational attribute, entryACI. The values of the entryACI attribute contain ACIItems.

There is one exception to the rule of consulting entryACI attributes within ApacheDS: add operations do not consult the entryACI within the entry being added. This is a security precaution. (??? Check this sentence) If allowed users can arbitrarily add entries where they wanted by putting entryACI into the new entry being added. This could compromise the DSA.