ACI 1 example:
aci=(target="ldap:///o=suborg,dc=iplanet,dc=com") (targetfilter=(!(|(nsroledn=cn=Top-level Admin Role,dc=iplanet,dc=com) (nsroledn=cn=Top-level Help Desk Admin Role,dc=iplanet,dc=com) (nsroledn=cn=Organization Admin Role,o=suborg,dc=iplanet,dc=com)))) (targetattr = "*")(version 3.0; acl "Organization Policy Admin access allow"; allow (read,search) roledn = "ldap:///cn=Organization Policy Admin Role,o=suborg,dc=iplanet,dc=com";) aci=(target="ldap:///ou=services,*o=suborg,dc=iplanet,dc=com")(targetattr = "*") (version 3.0; acl "Organization Policy Admin Role access allow"; allow (all) roledn = "ldap:///cn=Organization Policy Admin Role,o=suborg,dc=iplanet,dc=com";)
ACI 2 example:
aci=(target="ldap:///ou=iPlanetAMAuthService,ou=services, *o=suborg,dc=iplanet,dc=com") (targetattr = "*") (version 3.0; acl "Organization Policy Admin Role access Auth Service deny"; deny (add,write,delete) roledn = "ldap:///cn=Organization Policy Admin Role,o=suborg,dc=iplanet,dc=com";
ACI 3 example:
aci=(target="ldap:///o=suborg,dc=iplanet,dc=com") (targetfilter="(objectclass=sunmanagedorganization)") (targetattr = "sunRegisteredServiceName") (version 3.0; acl "Organization Policy Admin Role access allow"; allow (read,write,search) roledn = "ldap:///cn=Organization Policy Admin Role,o=suborg,dc=iplanet,dc=com";)