userattr = "parent[inheritance_level].attribute#bindType"
A comma separated list that indicates how many levels below the target should inherit the ACI. These levels below the targeted entry can be specified: [0,1,2,3,4]. Zero (0) indicates the targeted entry.
The attribute targeted by the userattr or groupattr keyword.
The type of bind can be USERDN or GROUPDN. Inheritance cannot be used with LDAPURL and ROLEDN binds.
The following example shows how the userattr keyword is used with the parent keyword for inheritance:
userattr = "parent[0,1].manager#USERDN"
This bind rule is evaluated to be true if the bindDN matches the manager attribute of the targeted entry. The permissions granted when the bind rule is evaluated to be true apply to the target entry and to all entries immediately below it.