The following restrictions apply to ACIs
Access control rules are always evaluated on the local server. You must not specify the hostname or port number of the server in LDAP URLs used in ACI keywords.
You cannot grant a user the right to proxy as the Directory Manager, nor can you grant proxy rights to the Directory Manager.
The cache settings used for ensuring that the server fits the physical memory available do not apply to ACI caches, which means that an excessive number of ACIs may saturate available memory.