## Root Entry
dn: dc=example,dc=com
dc: example
objectClass: top
objectClass: domain
aci: (targetattr != "userPassword || passwordHistory || passwordExpirationTime || passwordExpWarned || passwordRetryCount || retryCountResetTime || accountUnlockTime || passwordAllowChangeTime ") (version 3.0; acl "Anonymous access"; allow (read, search, compare)userdn = "ldap:///anyone";)
aci: (targetattr != "nsroledn || aci || nsLookThroughLimit || nsSizeLimit || nsTimeLimit || nsIdleTimeout || passwordPolicySubentry || passwordExpirationTime || passwordExpWarned || passwordRetryCount || retryCountResetTime || accountUnlockTime || passwordHistory || passwordAllowChangeTime")(version 3.0; acl "Allow self entry modification except for nsroledn, aci, resource limit attributes, passwordPolicySubentry and password policy state attributes"; allow (write)userdn ="ldap:///self";)

## OUs
dn: ou=Groups, dc=example,dc=com
objectClass: top
objectClass: organizationalunit
ou: Groups

dn: ou=People, dc=example,dc=com
objectClass: top
objectClass: organizationalunit
ou: People
aci: (targetattr ="userpassword || telephonenumber || facsimiletelephonenumber")(version 3.0;acl "Allow self entry modification";allow (write)(userdn = "ldap:///self");)

## Objectclasses

## Groups
dn:cn=StaticGroup,ou=groups,dc=example,dc=com
objectClass: top
objectClass: groupofuniquenames
uniqueMember: uid=lulrich, ou=People, dc=example,dc=com
uniqueMember: uid=alutz, ou=People, dc=example,dc=com

dn:cn=DynGroup,ou=groups,dc=example,dc=com
objectClass: top
objectClass: groupOfUrls
memberURL: ldap:///ou=people,dc=example,dc=com??sub?(l=Santa Clara)

# Users
dn: uid=jcampai2, ou=People, dc=example,dc=com
givenName: Jeffrey
telephoneNumber: +1 408 555 7393
sn: Campaigne
ou: Human Resources
l: Santa Clara
roomNumber: 1377
mail: jcampai2@example.com
facsimileTelephoneNumber: +1 408 555 3372
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: jcampai2
cn: Jeffrey Campaigne
userPassword: Welcome1

dn: uid=lulrich, ou=People, dc=example,dc=com
givenName: Lee
telephoneNumber: +1 408 555 8652
sn: Ulrich
ou: Product Testing
l: Sunnyvale
roomNumber: 0985
mail: lulrich@example.com
facsimileTelephoneNumber: +1 408 555 3825
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: lulrich
cn: Lee Ulrich
userPassword: Welcome1

dn: uid=mlangdon, ou=People, dc=example,dc=com
givenName: Marcus
telephoneNumber: +1 408 555 6249
sn: Langdon
ou: Product Development
l: Cupertino
roomNumber: 4471
mail: mlangdon@example.com
facsimileTelephoneNumber: +1 408 555 9332
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: mlangdon
cn: Marcus Langdon
userPassword: Welcome1

dn: uid=striplet, ou=People, dc=example,dc=com
givenName: Stephen
telephoneNumber: +1 408 555 4519
sn: Triplett
ou: Human Resources
l: Santa Clara
roomNumber: 3083
mail: striplet@example.com
facsimileTelephoneNumber: +1 408 555 4661
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: striplet
cn: Stephen Triplett
userPassword: Welcome1

dn: uid=gtriplet, ou=People, dc=example,dc=com
givenName: Gern
telephoneNumber: +1 408 555 2582
sn: Triplett
ou: Accounting
l: Sunnyvale
roomNumber: 4023
mail: gtriplet@example.com
facsimileTelephoneNumber: +1 408 555 3372
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: gtriplet
cn: Gern Triplett
userPassword: Welcome1

dn: uid=jfalena, ou=People, dc=example,dc=com
givenName: John
telephoneNumber: +1 408 555 8133
sn: Falena
ou: Human Resources
l: Santa Clara
roomNumber: 1917
mail: jfalena@example.com
facsimileTelephoneNumber: +1 408 555 7472
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: jfalena
cn: John Falena
userPassword: Welcome1