In an ACI statement, permissions use the following syntax:
where rights is a list of comma-separated keywords enclosed within parentheses. Valid keywords are read, write, add, delete, search, compare, selfwrite, proxy, import, export, or all.
The all access right does not give the following rights to the target entry: proxy, import, and export.
In the following example, read, search, and compare access is allowed, provided that the bind rule is evaluated to be true:
aci: (target="ldap:///dc=example,dc=com") (version 3.0;acl \ "example"; allow (read, search, compare) bindRule;)