Here is my access control list:

======================
access to attr=userPassword
by self write
by anonymous auth
by * none break

access to *
by self write
by users read
by * none break

access to * by * read
======================

Everything works now with this ACL. However, I don't understand why I need the break's in there. If I don't have them, then I get an illegal user response like I used to get when LDAP wasn't working at all.

Can anyone explain to me why the break's work and without them they don't?