With ForgeRock Common Audit, client applications communicate a ForgeRock transaction ID over LDAP by using the TransactionID request control with OID 1.3.6.1.4.1.36733.2.1.5.1.
It would be nice to have this OID in the global-aci for "Anonymous control access".
The upside is that it makes it easier to transmit transaction IDs to OpenDJ. You don't have to remember to allow access to this control, which is in a com.forgerock package and so only documented in code.
One downside is that any client could send a FR transaction ID request control. If the advanced global parameter to trust transaction IDs has been set, and the global-aci is not edited for production use, this could lead to common audit event handlers trusting arbitrary IDs sent by clients.
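A configuration check for the downside described above, added here as an example (it is not OpenDJ or ForgeRock code): it flags the case where a global ACI lets anonymous clients send the TransactionID control (OID 1.3.6.1.4.1.36733.2.1.5.1) while transaction IDs are trusted. The sample ACI values are constructed, the `trust_transaction_ids` argument is this example's own name for the advanced global parameter, and treating `*` as matching every control is an assumption.

```python
import re

# OID of the ForgeRock TransactionID request control.
TXN_ID_OID = "1.3.6.1.4.1.36733.2.1.5.1"

# Constructed sample global-aci values (illustrative, not taken from a real server).
SAMPLE_ACIS = [
    '(targetcontrol="2.16.840.1.113730.3.4.2 || 1.3.6.1.4.1.36733.2.1.5.1")'
    '(version 3.0; acl "Anonymous control access"; allow(read) userdn="ldap:///anyone";)',
    '(targetcontrol="1.3.6.1.1.12 || 1.2.840.113556.1.4.319")'
    '(version 3.0; acl "Authenticated users control access"; allow(read) userdn="ldap:///all";)',
]

def parse_aci(aci):
    """Extract the name, target control OIDs, allow flag and userdn subjects of one ACI."""
    name = re.search(r'acl\s+"([^"]*)"', aci)
    controls = re.search(r'\(\s*targetcontrol\s*=\s*"([^"]*)"\s*\)', aci)
    oids = {o.strip() for o in controls.group(1).split("||")} if controls else set()
    return {
        "name": name.group(1) if name else "",
        "controls": oids,
        "allow": re.search(r';\s*allow\s*\(', aci) is not None,
        "subjects": set(re.findall(r'userdn\s*=\s*"([^"]*)"', aci)),
    }

def anonymous_txn_id_acis(acis):
    """Names of ACIs that let unauthenticated clients send the TransactionID control."""
    hits = []
    for aci in acis:
        p = parse_aci(aci)
        # Assumption: "*" is treated as matching every control (over-flagging is the safe side).
        listed = TXN_ID_OID in p["controls"] or "*" in p["controls"]
        if p["allow"] and listed and "ldap:///anyone" in p["subjects"]:
            hits.append(p["name"])
    return hits

def audit(acis, trust_transaction_ids):
    """Return a finding only when anonymous access and transaction ID trust are both enabled."""
    exposed = anonymous_txn_id_acis(acis)
    if exposed and trust_transaction_ids:
        return "RISK: client-supplied transaction IDs are trusted; allowed by " + ", ".join(exposed)
    return "OK"

if __name__ == "__main__":
    print(audit(SAMPLE_ACIS, trust_transaction_ids=True))
```

The check only reads explicit `targetcontrol="..."` lists with `userdn` subjects; negated targets and other bind rule types are not evaluated.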