access to dn.children="ou=Alumni Association,ou=People,dc=example,dc=com"
by dn.regex=".+,dc=example,dc=com" +c continue
by dn.subtree="dc=example,dc=com" +rs continue
+ by dn.children="dc=example,dc=com" +d continue
by * stop
#access to attr=member,uniquemember dn.subtree="dc=example,dc=com"
access to filter="(name=X*Y*Z)"
by * continue
+access to dn.subtree="ou=Add/Delete,dc=example,dc=com"
+ by dn.exact="cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" add
+ by dn.exact="cn=Barbara Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com" delete
+ by dn.exact="cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com" write
+ by * read
+
# fall into global ACLs
#monitor#database monitor