You can remove an ACI by specifying its value in an LDIF file, and then removing the value with the ldapmodify command.
The following sample LDIF file (remove-aci.ldif) removes the ACI that was added in the previous procedure:
dn: ou=people,dc=example,dc=com
changetype: modify
delete: aci
aci: (targetattr="*")(version 3.0; acl "give csmith full rights"; allow(all) userdn = "ldap:///uid=csmith,ou=People,dc=example,dc=com";)
The following command applies the changes contained in the remove-aci.ldif file to the directory:
$ ldapmodify -h localhost -p 1389 -D "cn=Directory Manager" -w password \
  --filename remove-aci.ldif
Processing MODIFY request for ou=people,dc=example,dc=com
MODIFY operation successful for DN ou=people,dc=example,dc=com
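A delete that names a value has to match a value stored on the entry, so the following added example (not part of the original documentation) builds remove-aci.ldif from an LDIF export of the entry instead of retyping the ACI. The export text, the second ACI in it, and the function names are constructed for illustration.

```python
import re

# Constructed sample: an LDIF export of the entry's aci attribute, with long
# values folded across lines (continuation lines start with a single space).
# The second ACI is invented here so the selection step has something to skip.
SAMPLE_LDIF = '''dn: ou=people,dc=example,dc=com
aci: (targetattr="*")(version 3.0; acl "give csmith full rights"; allow(all) u
 serdn = "ldap:///uid=csmith,ou=People,dc=example,dc=com";)
aci: (targetattr="mail")(version 3.0; acl "self mail write"; allow(write) user
 dn = "ldap:///self";)
'''

def unfold(ldif_text):
    """Join LDIF continuation lines (RFC 2849: a leading space continues a line)."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def aci_values(ldif_text):
    """Return (dn, [aci values]) for a single-entry export.
    Base64-encoded values ("aci::") are not handled in this example."""
    dn, acis = None, []
    for line in unfold(ldif_text):
        if line.lower().startswith("dn: "):
            dn = line[4:]
        elif line.lower().startswith("aci: "):
            acis.append(line[5:])
    return dn, acis

def build_remove_ldif(ldif_text, acl_name):
    """Build the delete change record for the one ACI whose acl name matches."""
    dn, acis = aci_values(ldif_text)
    pattern = r'acl\s+"%s"\s*;' % re.escape(acl_name)
    matches = [a for a in acis if re.search(pattern, a)]
    # Refuse to guess: zero or several matches means the caller must look first.
    if len(matches) != 1:
        raise ValueError("expected exactly one ACI named %r, found %d"
                         % (acl_name, len(matches)))
    return "dn: %s\nchangetype: modify\ndelete: aci\naci: %s\n" % (dn, matches[0])

if __name__ == "__main__":
    print(build_remove_ldif(SAMPLE_LDIF, "give csmith full rights"), end="")
```

Because the record deletes one named value rather than the whole aci attribute, the other ACIs on the entry stay in place.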