In LDIF, to grant Company333 full access to its own branch of the directory under the conditions stated previously, you would write the following statement:
aci: (targetattr = "*") (version 3.0; acl "Company333"; allow (all) (roledn="ldap:///cn=DirectoryAdmin,ou=Company333, ou=corporate clients,dc=example,dc=com") and (authmethod="ssl") and (dayofweek="Mon,Tues,Wed,Thu") and (timeofday >= "0800" and timeofday <= "1800") and (ip="255.255.123.234"); ) |
This example assumes that the ACI is added to the ou=Company333,ou=corporate clients,dc=example,dc=com entry.