diff --git a/roles/krb5-kdc-ldap/templates/kadm5.acl.j2 b/roles/krb5-kdc-ldap/templates/kadm5.acl.j2
index 54c6636..5e9c641 100644
--- a/roles/krb5-kdc-ldap/templates/kadm5.acl.j2
+++ b/roles/krb5-kdc-ldap/templates/kadm5.acl.j2
@@ -1,4 +1,2 @@
-## access controls for the Kerberos KDC
+## access control for the Kerberos KDC
 root/admin@{{ ansible_domain | upper }} *
-*@{{ ansible_domain | upper }} cil
-*/*@{{ ansible_domain | upper }} i