version: 1

# Sample directory content for the suffix dc=example,dc=com: the suffix entry
# with its access control instructions (ACIs), an administrators group, the
# ou=Groups and ou=People containers, and inetOrgPerson user entries.
#
# Layout: one attribute per line, entries separated by a blank line. A line
# that begins with a single space continues the previous line (LDIF folding);
# that leading space is dropped on unfolding, so a continuation that begins
# with two spaces contributes one literal space to the value.
#
# NOTE(review): every user entry below carries userPassword in cleartext, and
# all but one share the same value (entry-id 15 differs only in letter case).
# Whether the value is hashed on import depends on the server's password
# storage scheme, which this file does not show. Handle the file as
# credential-bearing and replace the values before any non-test use.

# ACIs on the suffix entry, in the order they appear:
#  1. "Anonymous access": read, search and compare for ldap:///anyone on every
#     attribute except the listed password and password-policy state
#     attributes.
#     NOTE(review): targetattr uses "!=", an exclusion list, so any attribute
#     not named (including attributes added to entries later) is readable
#     without authentication. "aci" is excluded in rule 2 but not here;
#     confirm that is intended.
#     NOTE(review): the last name in the list is followed by a space inside
#     the quotes ("passwordAllowChangeTime "); verify the server still
#     matches the attribute.
#  2. Self write: an authenticated user may write to its own entry on every
#     attribute except nsroledn, aci, the resource-limit attributes,
#     passwordPolicySubentry and the password-policy state attributes.
#     NOTE(review): the exclusion list does not name ou, uid, manager or mail.
#     The manager rules on ou=People select their targets with a targetfilter
#     on ou, so an entry owner appears able to change which managers group
#     may write to the entry; confirm against the intended delegation model.
#  3. "Directory Administrators Group": all rights on all attributes for
#     members of cn=Directory Administrators, dc=example,dc=com.
#     NOTE(review): that DN is entry-id 2, which has no uniqueMember values in
#     this file. The group with the same cn under ou=Groups (entry-id 10)
#     lists three members but is not the DN this rule names.
# entry-id: 1
dn: dc=example,dc=com
dc: example
objectClass: top
objectClass: domain
aci: (targetattr != "userPassword || passwordHistory || passwordExpirationTime
  || passwordExpWarned || passwordRetryCount || retryCountResetTime || accoun
 tUnlockTime || passwordAllowChangeTime ") (version 3.0; acl "Anonymous acces
 s"; allow (read, search, compare)userdn = "ldap:///anyone";)
aci: (targetattr != "nsroledn || aci || nsLookThroughLimit || nsSizeLimit || n
 sTimeLimit || nsIdleTimeout || passwordPolicySubentry || passwordExpirationT
 ime || passwordExpWarned || passwordRetryCount || retryCountResetTime || acc
 ountUnlockTime || passwordHistory || passwordAllowChangeTime")(version 3.0;
  acl "Allow self entry modification except for nsroledn, aci, resource limit
  attributes, passwordPolicySubentry and password policy state attributes"; al
 low (write)userdn ="ldap:///self";)
aci: (targetattr ="*")(version 3.0;acl "Directory Administrators Group";allow
  (all) (groupdn = "ldap:///cn=Directory Administrators, dc=example,dc=com");)

# Group named by the "Directory Administrators Group" ACI above. No
# uniqueMember values are listed for it in this file.
# entry-id: 2
dn: cn=Directory Administrators, dc=example,dc=com
objectClass: top
objectClass: groupofuniquenames
cn: Directory Administrators

# Container for group entries.
# entry-id: 3
dn: ou=Groups, dc=example,dc=com
objectClass: top
objectClass: organizationalunit
ou: Groups

# Container for user entries, with five ACIs:
#  - "Allow self entry modification": self write to userpassword,
#    telephonenumber and facsimiletelephonenumber.
#  - Four manager rules (Accounting, Human Resources, Product Testing,
#    Product Development): write for the named managers group on entries
#    whose ou matches the targetfilter, on every attribute except cn, sn
#    and uid.
#    NOTE(review): exclusion list again. userPassword, aci and nsroledn are
#    not named, so as written the managers groups can write those on matching
#    entries; confirm against the server's ACI evaluation.
#    NOTE(review): the referenced groups (cn=Accounting Managers, cn=HR
#    Managers, cn=QA Managers, cn=PD Managers under ou=groups) are not
#    defined in the entries shown here.
# entry-id: 4
dn: ou=People, dc=example,dc=com
objectClass: top
objectClass: organizationalunit
ou: People
aci: (targetattr ="userpassword || telephonenumber || facsimiletelephonenumber
 ")(version 3.0;acl "Allow self entry modification";allow (write)(userdn = "l
 dap:///self");)
aci: (targetattr !="cn || sn || uid")(targetfilter ="(ou=Accounting)")(version
  3.0;acl "Accounting Managers Group Permissions";allow (write)(groupdn = "ld
 ap:///cn=Accounting Managers,ou=groups,dc=example,dc=com");)
aci: (targetattr !="cn || sn || uid")(targetfilter ="(ou=Human Resources)")(ve
 rsion 3.0;acl "HR Group Permissions";allow (write)(groupdn = "ldap:///cn=HR
  Managers,ou=groups,dc=example,dc=com");)
aci: (targetattr !="cn ||sn || uid")(targetfilter ="(ou=Product Testing)")(ver
 sion 3.0;acl "QA Group Permissions";allow (write)(groupdn = "ldap:///cn=QA M
 anagers,ou=groups,dc=example,dc=com");)
aci: (targetattr !="cn || sn || uid")(targetfilter ="(ou=Product Development)"
 )(version 3.0;acl "Engineering Group Permissions";allow (write)(groupdn = "l
 dap:///cn=PD Managers,ou=groups,dc=example,dc=com");)

# Populated administrators group under ou=Groups. The suffix ACI names the
# group at cn=Directory Administrators, dc=example,dc=com (entry-id 2), not
# this DN.
# NOTE(review): the three member DNs (kvaughan, rdaugherty, hmiller) are not
# defined in the entries shown here.
# entry-id: 10
dn: cn=Directory Administrators, ou=Groups, dc=example,dc=com
ou: Groups
objectClass: top
objectClass: groupofuniquenames
uniqueMember: uid=kvaughan, ou=People, dc=example,dc=com
uniqueMember: uid=rdaugherty, ou=People, dc=example,dc=com
uniqueMember: uid=hmiller, ou=People, dc=example,dc=com
cn: Directory Administrators

# User entries follow. Each has ou set to a department name; four of those
# names are the values the ou=People manager ACIs filter on.
# entry-id: 11
dn: uid=jjones, ou=People, dc=example,dc=com
givenName: Jim
telephoneNumber: +1 408 555 6505
sn: Jones
ou: Product Development
l: Santa Clara
roomNumber: 1327
mail: jjones@example.com
facsimileTelephoneNumber: +1 408 555 4774
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: jjones
cn: Jim Jones
userPassword: Welcome1

# NOTE(review): the RDN value in the dn line (uid=jwillamson) differs from the
# uid attribute value (jwilliamson); the RDN value is not among the entry's
# uid values. Looks like a typo in the dn; confirm how the importing server
# handles the mismatch.
# entry-id: 12
dn: uid=jwillamson, ou=People, dc=example,dc=com
givenName: James
telephoneNumber: +1 408 555 4234
sn: Williamson
ou: Product Development
l: Santa Clara
roomNumber: 1205
mail: jwilliamson@example.com
facsimileTelephoneNumber: +1 408 555 9332
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: jwilliamson
cn: James Williamson
userPassword: Welcome1

# NOTE(review): manager points at this entry's own DN, and the mail local
# part (daelxander) differs from the uid (dalexander). ou is Payroll, which
# none of the ou=People manager ACIs filter on.
# entry-id: 13
dn: uid=dalexander, ou=People, dc=example,dc=com
givenName: Dave
telephoneNumber: +1 408 555 9972
sn: Alexander
ou: Payroll
l: Santa Clara
manager: uid=dalexander,ou=people,dc=example,dc=com
roomNumber: 0466
mail: daelxander@example.com
facsimileTelephoneNumber: +1 408 555 3372
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: dalexander
cn: David Alexander
userPassword: Welcome1

# entry-id: 14
dn: uid=asales, ou=People, dc=example,dc=com
givenName: Tony
telephoneNumber: +1 408 555 9804
sn: Sales
ou: Human Resources
l: Santa Clara
roomNumber: 4304
mail: asales@example.com
facsimileTelephoneNumber: +1 408 555 9332
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: asales
cn: Anthony Sales
userPassword: Welcome1

# NOTE(review): userPassword here starts with a lowercase "w", unlike the
# other user entries in this file.
# entry-id: 15
dn: uid=sthurston, ou=People, dc=example,dc=com
givenName: Scott
telephoneNumber: +1 408 555 7393
sn: Thurston
ou: Human Resources
l: Santa Clara
roomNumber: 1377
mail: sthurston@example.com
facsimileTelephoneNumber: +1 408 555 3372
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: sthurston
cn: Scott Thurston
userPassword: welcome1

# entry-id: 16
dn: uid=ikral, ou=People, dc=example,dc=com
givenName: Ivan
telephoneNumber: +1 408 555 8652
sn: Kral
ou: Product Testing
l: Sunnyvale
roomNumber: 0985
mail: ikral@example.com
facsimileTelephoneNumber: +1 408 555 3825
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: ikral
cn: Ivan Kral
userPassword: Welcome1

# entry-id: 17
dn: uid=bandrews, ou=People, dc=example,dc=com
givenName: Barry
telephoneNumber: +1 408 555 6249
sn: Andrews
ou: Product Development
l: Cupertino
roomNumber: 4471
mail: bandrews@example.com
facsimileTelephoneNumber: +1 408 555 9332
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: bandrews
cn: Barry Andrews
userPassword: Welcome1

# entry-id: 18
dn: uid=sjones, ou=People, dc=example,dc=com
givenName: Steve
telephoneNumber: +1 408 555 4519
sn: Jones
ou: Human Resources
l: Santa Clara
roomNumber: 3083
mail: sjones@example.com
facsimileTelephoneNumber: +1 408 555 4661
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: sjones
cn: Steven Jones
userPassword: Welcome1

# entry-id: 19
dn: uid=amccoy, ou=People, dc=example,dc=com
givenName: Andy
telephoneNumber: +1 408 555 2582
sn: McCoy
ou: Accounting
l: Sunnyvale
roomNumber: 4023
mail: amccoy@example.com
facsimileTelephoneNumber: +1 408 555 3372
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: amccoy
cn: Andrew McCoy
userPassword: Welcome1

# entry-id: 20
dn: uid=rasheton, ou=People, dc=example,dc=com
givenName: Ron
telephoneNumber: +1 408 555 8133
sn: Asheton
ou: Human Resources
l: Santa Clara
roomNumber: 1917
mail: rasheton@example.com
facsimileTelephoneNumber: +1 408 555 7472
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: rasheton
cn: Ronald Asheton
userPassword: Welcome1