We consider that if a tab has a "base" attribute it should add ACLs for
 those operational fields.
This is because we do not have other easy way to test if we are the main
 tab in generatePlProvidedAcls.
It may also avoid adding ACLs for this fields on objects which are not
 stored in LDAP since they are less likely to have a base attribute.

issue #6027