aci: (target=”ldap:///$rootSuffix”) (targetfilter=(!(objectclass=sunServiceComponent))) (targetattr != “userPassword||passwordHistory ||passwordExpirationTime||passwordExpWarned||passwordRetryCount ||retryCountResetTime||accountUnlockTime||passwordAllowChangeTime”) (version 3.0; acl “anonymous access rights”; allow (read,search,compare) userdn = “ldap:///anyone”; )
Analysis: This ACI, which is on the root, allows the same access as the original collection of anonymous ACIs. It does this by listing a set of excluded attributes. This replacement ACI improves performance by eliminating the (*) in the target.