If the server is running with less than the intended set of access control instructions (ACIs), it might prevent access to data that should be allowed or grant access to data that should be restricted. In DSEE, if the server encounters a malformed access control rule (ACR), it ignores the rule. This can cause the server to run with less than the intended set of ACIs. To guard against this, the Server is more strict about the ACRs that it accepts.
When performing an LDIF import, the Server
rejects any entry containing a malformed or unsupported ACR. The Server also rejects any
modify request that attempts to create an invalid ACI.
In the unlikely event that a malformed ACI is accepted into the data, the server
immediately places itself in lockdown mode. In lockdown mode, the server terminates
connections and rejects requests from users without the
privilege. Lockdown mode allows an administrator to correct the problem without risking
exposure to user data.
To review any rejected ACIs, run the import-ldif tool with the --rejectFile option.