dn: ou=agents,dc=sun,dc=com objectClass: top objectClass: organizationalUnit dn: ou=groups,dc=sun,dc=com objectClass: top objectClass: organizationalUnit dn: ou=dsame users,dc=sun,dc=com objectClass: top objectClass: organizationalUnit dn: cn=dsameuser,ou=DSAME Users,dc=sun,dc=com objectclass: inetuser objectclass: organizationalperson objectclass: person objectclass: top cn: dsameuser sn: dsameuser userPassword: secret12 dn: cn=amldapuser,ou=DSAME Users,dc=sun,dc=com objectclass: inetuser objectclass: organizationalperson objectclass: person objectclass: top cn: amldapuser sn: amldapuser userPassword: secret123 dn:dc=sun,dc=com changetype:modify add:aci aci: (target="ldap:///dc=sun,dc=com")(targetattr="*")(version 3.0; acl "S1IS special dsame user rights for all under the root suffix"; allow (all) userdn = "ldap:///cn=dsameuser,ou=DSAME Users,dc=sun,dc=com"; ) dn:dc=sun,dc=com changetype:modify add:aci aci: (target="ldap:///dc=sun,dc=com")(targetattr="*")(version 3.0; acl "S1IS special ldap auth user rights"; allow (read,search) userdn = "ldap:///cn=amldapuser,ou=DSAME Users,dc=sun,dc=com"; )