220.127.116.11 - EntryACI
Entry ACI are access controls added to entries to protect that entry
specifically. Meaning the protected entry is the entry where the ACI
resides. When performing an operation on an entry, ApacheDS checks for the
presence of the multivalued operational attribute, entryACI. The values
of the entryACI attribute contain ACIItems.
There is one exception to the rule of consulting entryACI attributes within
ApacheDS: add operations do not consult the entryACI within the entry being
added. This is a security precaution. (??? Check this sentence) If allowed
users can arbitrarily add entries where they wanted by putting entryACI
into the new entry being added. This could compromise the DSA.