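# Sample directory tree for dc=example,dc=com: a suffix entry carrying the
# access-control instructions (ACIs), two organizational units, three groups
# and four test accounts. Entries are separated by a blank line.
#
# Suffix ACIs:
#   1. "Anonymous access" grants read, search and compare to ldap:///anyone
#      on every attribute that is NOT named in the exclusion list. This is a
#      deny-list: any attribute not listed (group membership, and any
#      attribute added to entries later) is readable without authentication.
#      NOTE(review): "aci" is not in this exclusion list -- confirm whether
#      anonymous clients can read the access rules themselves.
#      NOTE(review): the list ends with a space before the closing quote
#      ("passwordAllowChangeTime "); confirm the server trims it, otherwise
#      that attribute may not be excluded.
#   2. The self-modification ACI grants write to ldap:///self on every
#      attribute NOT in its exclusion list. userPassword is not excluded, so
#      users can change their own password; so can any other attribute that
#      is not listed. If an attribute on user entries is used for
#      authorization decisions, add it to the list or switch to an explicit
#      allow-list (targetattr = "...").
dn: dc=example,dc=com
dc: example
objectClass: top
objectClass: domain
aci: (targetattr != "userPassword || passwordHistory || passwordExpirationTime || passwordExpWarned || passwordRetryCount || retryCountResetTime || accountUnlockTime || passwordAllowChangeTime ") (version 3.0; acl "Anonymous access"; allow (read, search, compare)userdn = "ldap:///anyone";)
aci: (targetattr != "nsroledn || aci || nsLookThroughLimit || nsSizeLimit || nsTimeLimit || nsIdleTimeout || passwordPolicySubentry || passwordExpirationTime || passwordExpWarned || passwordRetryCount || retryCountResetTime || accountUnlockTime || passwordHistory || passwordAllowChangeTime")(version 3.0; acl "Allow self entry modification except for nsroledn, aci, resource limit attributes, passwordPolicySubentry and password policy state attributes"; allow (write)userdn ="ldap:///self";)

# Container for user accounts. Its ACI grants self-write on userpassword
# only, which the suffix-level self-modification ACI already appears to
# allow.
# NOTE(review): the attribute name is written with a trailing space
# ("userpassword "); confirm the server trims it when matching.
dn: ou=People, dc=example,dc=com
objectClass: top
objectClass: organizationalunit
ou: People
aci: (targetattr ="userpassword ")(version 3.0;acl "Allow self entry modification";allow (write)(userdn = "ldap:///self");)

# Container for group entries.
dn: ou=Groups,dc=example,dc=com
objectClass: top
objectClass: organizationalunit
ou: Groups

# Group with radadmin1 as its only member.
# The cn attribute is added here: the entry is named by cn=radiusAdmin and
# groupOfUniqueNames requires cn, so a schema-checking server can reject the
# entry on import without it.
dn:cn=radiusAdmin,ou=groups,dc=example,dc=com
objectClass: top
objectClass: groupofuniquenames
cn: radiusAdmin
uniqueMember: uid=radadmin1, ou=People, dc=example,dc=com

# Group containing user1 and user2.
dn: cn=employees_group,ou=Groups,dc=example,dc=com
uniqueMember: uid=user1,ou=People,dc=example,dc=com
uniqueMember: uid=user2,ou=People,dc=example,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: employees_group

# Group containing user3.
dn: cn=admins_group,ou=Groups,dc=example,dc=com
uniqueMember: uid=user3,ou=People,dc=example,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: admins_group

# Test accounts. All four carry the same cleartext userPassword value, which
# also sits in this file in the clear. Whether it is hashed on import depends
# on the server's password storage scheme (not shown here). Treat these as
# fixture credentials: replace them before the data is loaded anywhere
# reachable, and keep the file out of shared locations if real values are
# ever substituted.
dn:uid=radadmin1,ou=People,dc=example,dc=com
objectclass: top
objectClass: organizationalperson
objectClass: person
objectclass: inetorgperson
cn:radadmin1
sn:admin1
uid:radadmin1
userPassword: pwd

dn:uid=user1,ou=People,dc=example,dc=com
objectclass: top
objectClass: organizationalperson
objectClass: person
objectclass: inetorgperson
cn:user1
uid:user1
sn:user1
userPassword: pwd

dn:uid=user2,ou=People,dc=example,dc=com
objectclass: top
objectClass: organizationalperson
objectClass: person
objectclass: inetorgperson
cn:user2
uid:user2
sn:user2
userPassword: pwd

dn:uid=user3,ou=People,dc=example,dc=com
objectclass: top
objectClass: organizationalperson
objectClass: person
objectclass: inetorgperson
cn:user3
uid:user3
sn:user3
userPassword: pwd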