In LDIF, to grant Example.com employees the right to add themselves to a group, you would write the following statement:
aci: (targettattr="member")(version 3.0; acl "Group Members"; allow (selfwrite) (userdn= "ldap:///uid=*,ou=People,dc=example,dc=com") ;) |
This example assumes that the ACI is added to the ou=Social Committee, dc=example,dc=com entry.