• Use ldapsearch to search the dc=example,dc=com base DN entry. The filter "(aci=*)" matches all aci attributes under the base DN, and the aci attribute is specified so that only it is returned. The cn=Directory Manager bind DN has the privileges to view an ACI.
    $ bin/ldapsearch --baseDN dc=example,dc=com "(aci=*)" aci
    dn: dc=example,dc=com 
    aci: (targetattr!="userPassword")
      (version 3.0; acl "Allow anonymous read access for anyone"; 
        allow (read,search,compare) userdn="ldap:///anyone";) 
    aci: (targetattr="*")
      (version 3.0; acl "Allow users to update their own entries";
        allow (write) userdn="ldap:///self";) 
    aci: (targetattr="*")
      (version 3.0; acl "Grant full access for the admin user";
        allow (all) userdn="ldap:///uid=admin,dc=example,dc=com";)