Better explanation of when access control processing stops

doc/man/man5/slapd.access.5

@@ -95,6 +95,8 @@ clause matches the accessor's properties, its
 and
 .B <control>
 clauses are evaluated.
+
+.LP
 Access control checking stops at the first match of the
 .B <what>
 and
@@ -110,8 +112,26 @@ clause list is implicitly terminated by a
 	by * none stop
 .fi
 .LP
-clause that results in stopping the access control with no access 
-privileges granted.
+.B <control>
+clause.  This implicit
+.B <control>
+stops access directive evaluation with no more access privileges
+granted to anyone else.
+To stop access directive evaluation only when both
+.B <who>
+and
+.B <what>
+match, add an explicit
+.LP
+.nf
+	by * break
+.fi
+.LP
+to the end of the
+.B <who>
+clause list.
+
+.LP
 Each
 .B <what>
 clause list is implicitly terminated by a