To search the dc=example,dc=com base distinguished name (DN)
entry, run the ldapsearch tool.
Note:
The filter "(aci=*)" matches all aci attributes under the base DN, and the
aci attribute is specified so that only it is returned. The
cn=Directory Manager bind DN has the privileges to view an access control
instruction (ACI).
$ bin/ldapsearch --baseDN dc=example,dc=com "(aci=*)" aci
The system displays the following ACI information.
dn: dc=example,dc=com
aci: (targetattr!="userPassword")
  (version 3.0; acl "Allow anonymous read access for anyone";
  allow (read,search,compare) userdn="ldap:///anyone";)
aci: (targetattr="*")
  (version 3.0; acl "Allow users to update their own entries";
  allow (write) userdn="ldap:///self";)
aci: (targetattr="*")
  (version 3.0; acl "Grant full access for the admin user";
  allow (all) userdn="ldap:///uid=admin,dc=example,dc=com";)
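
Output like this can be reviewed mechanically. The following Python is an added example, not part of the product or its documentation: it unfolds the LDIF shown above, parses each ACI of the targetattr-only shape that appears here, and flags grants worth a second look. The function names and the three review checks are assumptions of this example; ACIs of any other shape are reported for manual review.

```python
import re
# Constructed sample: the output above, folded as LDIF (continuation = leading space).
SAMPLE_LDIF = '''dn: dc=example,dc=com
aci: (targetattr!="userPassword")
 (version 3.0; acl "Allow anonymous read access for anyone";
 allow (read,search,compare) userdn="ldap:///anyone";)
aci: (targetattr="*")
 (version 3.0; acl "Allow users to update their own entries";
 allow (write) userdn="ldap:///self";)
aci: (targetattr="*")
 (version 3.0; acl "Grant full access for the admin user";
 allow (all) userdn="ldap:///uid=admin,dc=example,dc=com";)
'''
# Only the ACI shape shown on this page: one targetattr target, one permission clause.
ACI_RE = re.compile(
    r'\(targetattr\s*(?P<op>!?=)\s*"(?P<attrs>[^"]*)"\)\s*'
    r'\(version 3\.0;\s*acl\s+"(?P<name>[^"]*)";\s*'
    r'(?P<effect>allow|deny)\s*\((?P<perms>[^)]*)\)\s*(?P<rule>.*?);\s*\)\s*$')

def parse_acis(ldif):
    """Return (dn, parsed fields or None, raw value) for every aci value."""
    dn, out = None, []
    for line in re.sub(r"\n ", "", ldif).splitlines():  # RFC 2849 unfolding
        name, _, value = line.partition(":")
        if name.lower() == "dn":
            dn = value.strip()
        elif name.lower() == "aci":
            m = ACI_RE.match(value.strip())
            out.append((dn, m.groupdict() if m else None, value.strip()))
    return out

def findings(ldif):
    """Return (acl name, note) pairs; the checks are this example's own heuristics."""
    out = []
    for dn, f, raw in parse_acis(ldif):
        if f is None:
            out.append((raw[:40], "unrecognized ACI shape, review by hand"))
        elif f["effect"] == "allow":
            perms = {p.strip() for p in f["perms"].split(",")}
            if "ldap:///anyone" in f["rule"]:
                out.append((f["name"], "granted to anyone, including unauthenticated clients"))
            if f["op"] == "!=":
                out.append((f["name"], "exclusion target: covers attributes other than " + f["attrs"]))
            if f["attrs"] == "*" and perms & {"write", "all"} and "ldap:///self" in f["rule"]:
                out.append((f["name"], 'self-write covers targetattr "*", not a named list'))
    return out

if __name__ == "__main__":
    print(*findings(SAMPLE_LDIF), sep="\n")
```

On the sample, the anonymous-read ACI is flagged twice (subject and exclusion target), the self-write ACI once, and the admin grant not at all.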