dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: to *
  by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
  by * break
olcAccess: to attrs=userPassword
  by self write
  by anonymous auth
  by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
olcAccess: to dn.base="c=au"
  by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
  by * read
olcAccess: to dn.regex="o=(.*),c=(.*)$" attrs=wsAccountContact
  by dnattr=wsAccountOwner read
  by self write
  by anonymous auth
  by dnattr=wsAccountOwner read
  by * read
olcAccess: to dn.regex="^o=(.*),c=(.*)$"
  by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
  by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" read
  by group/groupOfNames/member.expand="cn=People,ou=Admin,o=$1,c=$2" read
  by dn.regex="cn=.*,ou=People,o=$1,c=$2" read
  by dn.regex="cn=.*,ou=Robots,c=AU" read
  by * read
olcAccess: to dn.regex="ou=(People|Customers),o=(.*),c=(.*)$" attrs=mail,uid
  by self write
  by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
  by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" write
  by group/groupOfNames/member.expand="cn=People,ou=Admin,o=$1,c=$2" write
  by dn.regex="cn=.*,ou=Robots,c=AU" read
  by * search
olcAccess: to dn.regex="ou=(People|Customers),o=(.*),c=(.*)$" attrs=shadowLastChange
  by self write
  by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
  by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" write
  by group/groupOfNames/member.expand="cn=People,ou=Admin,o=$1,c=$2" write
  by dn.regex="cn=.*,ou=Robots,c=AU" read
olcAccess: to dn.regex="ou=(People|Customers|Applications),o=(.*),c=(. *)$" attrs=mail,uid,mailRoutingAddress,mailHost,entry
  by self write
  by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
  by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" write
  by group/groupOfNames/member.expand="cn=People,ou=Admin,o=$1,c=$2" write
  by * read
olcAccess: to dn.regex="ou=People,o=(.*),c=(.*)$"
  by self write
  by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
  by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" write
  by group/groupOfNames/member.expand="cn=People,ou=Admin,o=$1,c=$2" write
  by dn.regex="cn=.*,ou=People,o=$1,c=$2" read
  by dn.regex="cn=.*,ou=Robots,c=AU" read
  by * read
olcAccess: to dn.regex="ou=(Customers|Groups),o=(.*),c=(.*)$"
  by self write
  by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
  by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" write
  by group/groupOfNames/member.expand="cn=People,ou=Admin,o=$1,c=$2" write
  by dn.regex="cn=.*,ou=Robots,c=AU" read
olcAccess: to dn.regex="ou=Applications,o=(.*),c=(.*)$"
  by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
  by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" write
  by group/groupOfNames/member.expand="cn=People,ou=Admin,o=$1,c=$2" read
  by dnattr=uniqueMember read
  by dn.regex="cn=.*,ou=Robots,c=AU" read
olcAccess: to dn.regex="ou=DNS,o=(.*),c=(.*)$"
  by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
  by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" write
  by group/groupOfNames/member.expand="cn=Management,ou=Admin,o=$1,c=$2" read
  by dn.regex="cn=.*,ou=Robots,c=AU" read
olcAccess: to dn.regex="ou=DSL,o=(.*),c=(.*)$"
  by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
  by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" write
  by group/groupOfNames/member.expand="cn=Management,ou=Admin,o=$1,c=$2" read
  by dnattr=wsAccountOwner read
  by dn.regex="cn=.*,ou=Robots,c=AU" read
olcAccess: to dn.regex="ou=Hosts,o=(.*),c=(.*)$"
  by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
  by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" write
  by group/groupOfNames/member.expand="cn=People,ou=Admin,o=$1,c=$2" read
  by dn.regex="cn=.*,ou=Robots,c=AU" read
olcAccess: to dn.regex="ou=Network,o=(.*),c=(.*)$"
  by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
  by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" write
  by group/groupOfNames/member.expand="cn=Management,ou=Admin,o=$1,c=$2" read
  by dn.regex="cn=.*,ou=Robots,c=AU" read
olcAccess: to dn.regex="ou=(.*),o=(.*),c=(.*)$" attrs=uniqueMember,member
  by self write
  by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
  by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" write
  by group/groupOfNames/member.expand="cn=People,ou=Admin,o=$2,c=$3" write
  by dnattr=uniqueMember read
  by dn.regex="cn=.*,ou=Robots,c=AU" read
olcAccess: to dn.regex="ou=(.*),o=(.*),c=(.*)$"
  by self write
  by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
  by dn.regex="cn=.*,ou=Robots,c=AU" read
  by dnattr=wsAccountOwner read
olcAccess: to *
  by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
  by * search
-
replace: olcAddContentAcl
olcAddContentAcl: FALSE
-
replace: olcLastMod
olcLastMod: TRUE
-
replace: olcMaxDerefDepth
olcMaxDerefDepth: 0
-
replace: olcReadOnly
olcReadOnly: FALSE
-
replace: olcMonitoring
olcMonitoring: FALSE