# normal installations should protect root dse, cn=monitor, cn=subschema
#
-access to dn.exact="" attr=objectClass
+access to dn.exact="" attrs=objectClass
by users read
access to *
by * read
#ldbm#index objectClass eq
#ldbm#index cn,sn,uid pres,eq,sub
-#access to attr=objectclass dn.subtree="dc=example,dc=com"
-access to attr=objectclass
+#access to attrs=objectclass dn.subtree="dc=example,dc=com"
+access to attrs=objectclass
by * =rsc stop
-#access to filter="(objectclass=person)" attr=userpassword dn.subtree="dc=example,dc=com"
-access to filter="(objectclass=person)" attr=userpassword
+#access to filter="(objectclass=person)" attrs=userpassword dn.subtree="dc=example,dc=com"
+access to filter="(objectclass=person)" attrs=userpassword
by anonymous auth
by self =wx
by dn.children="dc=example,dc=com" +d continue
by * stop
-#access to attr=member,uniquemember dn.subtree="dc=example,dc=com"
-access to attr=member,uniquemember
+#access to attrs=member,uniquemember dn.subtree="dc=example,dc=com"
+access to attrs=member,uniquemember
by dn.exact="cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com" selfwrite
by dnattr=member selfwrite
by dnattr=uniquemember selfwrite
by * read
-#access to attr=member,uniquemember filter="(mail=*com)" dn.subtree="dc=example,dc=com"
-access to attr=member,uniquemember filter="(mail=*com)"
+#access to attrs=member,uniquemember filter="(mail=*com)" dn.subtree="dc=example,dc=com"
+access to attrs=member,uniquemember filter="(mail=*com)"
by * read
#access to filter="(|(objectclass=groupofnames)(objectClass=groupofuniquenames))" dn.subtree="dc=example,dc=com"