# Calculate format=ldap path=/etc/openldap chmod=0640 chown=root:ldap append=join

# Доступ к аттрибуту userPassword
access to attrs=userPassword
    by self read
    by * auth

# Доступ к остальным веткам сервисов
access to dn.regex=".*ou=([^,]+),#-ld_services_dn-#$"
    by dn="#-ld_admin_dn-#" write
    by dn.regex="ou=$1,#-ld_services_dn-#" write
    by * none

# Закрываем доступ к веткам
access to dn.regex=".*,#-ld_services_dn-#"
    by dn="#-ld_admin_dn-#" write
    by * none

# Доступ ко всем аттрибутам
access to *
    by dn="#-ld_admin_dn-#" write
    by self write
    by * read