Access controls on LDAP attributes

The schema sets restrictions (via an ACI) on which attributes even in his or her "own" entry an end user is allowed to modify. Reassigning the MTA&#x27;s interpretation of LDAP attributes via MTA options does not,  itself, affect such LDAP schema restrictions; so when reassigning end-user-modifiable LDAP attributes, be sure to also update your schema ACIs correspondingly. Also, when adding new attributes to the schema (and then making them known to the MTA via MTA options), consider in each case whether or not the new attribute should be end-user-modifiable (and in some cases consider whether the new attribute should even be  end-user-visible), and when appropriate set an ACI to achieve the proper effect.

See also:
 * Direct LDAP attribute name MTA options