# database replication
access to *
        by dn="uid=replicator,cn=config,<%= name %>" read
        by * break

# allow everyone to get naming context
access to dn.base=""
        by * read

# allow everyone to get directory root object
access to dn.base="<%= name %>"
        by * read

# schema browsing requires authentication
access to dn.base="cn=Subschema"
        by users read
        by anonymous auth
        by * none

# restrict user password
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none

# allow logged in users to read rest of data
access to *
        by self read
        by users read
        by anonymous auth
        by * none