Ticket https://fedorahosted.org/389/ticket/47553, is a 389-ds enhancement to allow a finer access control during a MODDN (new superior) operation. The use case being to allow/deny a bound user to move an entry from one specified part of the DIT to an other part.
This without the need to grant the ADD permission.

I started a design of it http://port389.org/wiki/Access_control_on_trees_specified_in_MODDN_operation. Comments are welcomed.

regards
thierry