Sun Java System Directory Server Enterprise Edition 6.3 Administration Guide


In LDIF, to grant the HR group all rights to the employee branch of the directory, you would use the following statement:

aci: (targetattr="*") (version 3.0; acl "HR"; allow (all)
  groupdn= "ldap:///cn=HRgroup,ou=Groups,dc=example,dc=com";)

This example assumes that the ACI is added to the following entry: