# Beatles example OpenLDAP access control rules

access to attrs=userPassword
	by self write
	by anonymous auth
	by * none

access to filter=(objectclass=groupofnames)
	attrs=member
	by dnattr=owner write
	by * read

access to filter=(objectclass=organization)
	by dnattr=seealso write
	by * read

access to filter=(objectclass=dnsdomain)
	by dnattr=associatedname write
	by * read

access to dn.sub="ou=Beatles,ou=People,o=mentata.com"
	attrs=description,labeleduri,homepostaladdress,postalcode,roomnumber,homephone,mail,employeetype,seealso,secretary,preferredlanguage
	by self write
	by * read

access to * 
	by * read