diff --git a/servers/slapd/config.c b/servers/slapd/config.c
index fa546aac22..abb5dab945 100644
--- a/servers/slapd/config.c
+++ b/servers/slapd/config.c
@@ -27,7 +27,7 @@
 int		defsize = SLAPD_DEFAULT_SIZELIMIT;
 int		deftime = SLAPD_DEFAULT_TIMELIMIT;
 AccessControl	*global_acl = NULL;
-int		global_default_access = ACL_READ;
+int		global_default_access = ACL_AUTH;
 int		global_readonly = 0;
 char		*replogfile;
 int		global_lastmod = ON;
diff --git a/servers/slapd/slapd.conf b/servers/slapd/slapd.conf
index 59be805b5b..e20c277be2 100644
--- a/servers/slapd/slapd.conf
+++ b/servers/slapd/slapd.conf
@@ -5,8 +5,13 @@
 #
 include		%SYSCONFDIR%/slapd.at.conf
 include		%SYSCONFDIR%/slapd.oc.conf
-schemacheck	off
 
+# Using ACLs to control access is wise.  When ACLs are used,
+# "defaultaccess none" is recommended (default is 'auth').
+defaultaccess read
+
+# Do not enable referrals until AFTER you have a working directory
+# service AND an understanding of referrals.
 #referral	ldap://root.openldap.org
 
 pidfile		%LOCALSTATEDIR%/slapd.pid