version: 1
# Bootstrap LDIF for the dc=domain,dc=example,dc=com area: the root entry is
# declared an access-control specific area, one subentry holds the prescriptive
# ACIs for the whole area, and three OUs plus two accounts (an admin and an
# application bind identity) are created under it. Entry order matters: each
# parent is defined before its children. Layout was restored from a collapsed
# copy; the attribute values are unchanged.

dn: dc=domain,dc=example,dc=com
objectclass: top
objectclass: domain
# Marks this entry as the root of an access-control specific administrative
# area, so the prescriptive ACIs in the subentry below govern everything
# beneath it.
administrativeRole: accessControlSpecificArea
dc: domain

# Access-control subentry. The empty subtreeSpecification "{ }" selects the
# entire administrative area, so both ACIs below apply to every entry under
# dc=domain, including the admin account and this subentry itself.
dn: cn=domainAuthenticationRequirementsACISubentry,dc=domain,dc=example,dc=com
objectClass: accessControlSubentry
objectClass: subentry
objectClass: top
subtreeSpecification: { }
# subtreeFullAccessACI (precedence 11, wins over the allUsersACI at 9):
# the application bind DN, once bound with at least simple authentication,
# is granted every listed right (read, browse, compare, filter-match,
# returnDN, add, remove, rename, modify) on the entry and on all user
# attributes. Because allUserAttributeTypesAndValues includes userPassword
# and the grant outranks the deny below, this identity can read and rewrite
# any password in the area, including uid=admin's, and can alter this ACI
# subentry. Operationally, compromise of app-secret is equivalent to
# compromise of the admin account; narrowing protectedItems or the subtree
# for this DN is worth considering if the application only needs a subset.
prescriptiveACI: { identificationTag "subtreeFullAccessACI", precedence 11, authenticationLevel simple, itemOrUserFirst userFirst: { userClasses { name { "uid=application,ou=bind,dc=domain,dc=example,dc=com" } }, userPermissions { { protectedItems { entry, allUserAttributeTypesAndValues }, grantsAndDenials { grantCompare, grantBrowse, grantRename, grantRemove, grantAdd, grantRead, grantFilterMatch, grantReturnDN, grantModify } } } } }
# allUsersACI (precedence 9, authenticationLevel none): applies to every
# requester, including anonymous binds. First item: userPassword is denied
# for read, compare and filter-match, which blocks password disclosure and
# filter-based guessing for everyone except the higher-precedence ACI above.
# Second item: read/browse/compare/filter-match/returnDN and
# discloseOnError on all entries and all other user attributes. Net effect
# is that the whole tree (DNs, names, uids, displayNames) is readable
# without authenticating; if that is not intended, raise authenticationLevel
# to simple or restrict userClasses.
prescriptiveACI: { identificationTag "allUsersACI", precedence 9, authenticationLevel none, itemOrUserFirst userFirst: { userClasses { allUsers }, userPermissions { { protectedItems { attributeType { userPassword } }, grantsAndDenials { denyRead, denyFilterMatch, denyCompare } }, { protectedItems { entry, allUserAttributeTypesAndValues }, grantsAndDenials { grantCompare, grantBrowse,grantDiscloseOnError, grantRead, grantFilterMatch, grantReturnDN } } } } }
cn: domainAuthenticationRequirementsACISubentry

# Container OUs. ou=bind is kept separate from ou=users so that service
# (bind-only) identities are not mixed with people entries.
dn: ou=groups,dc=domain,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: groups

dn: ou=users,dc=domain,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: users

dn: ou=bind,dc=domain,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: bind

# Directory administrator. The userPassword value is written here in clear
# text; whether it is stored hashed depends on the server having a
# password-hashing interceptor enabled on import (not visible from this
# file). Treat this file as a secret and replace the value with a
# pre-hashed form (e.g. a {SSHA} value) for anything beyond a test fixture.
dn: uid=admin,ou=users,dc=domain,dc=example,dc=com
objectClass: top
objectClass: inetOrgPerson
objectClass: person
objectClass: organizationalPerson
cn: system administrator
sn: administrator
displayName: Directory Superuser
uid: admin
userPassword: admin-secret

# Application bind identity referenced by subtreeFullAccessACI above. Same
# clear-text password caveat as the admin entry. NOTE(review): sn is
# "administrator" here as well, which looks like a copy-and-paste leftover
# rather than intent - confirm with the author before changing it.
dn: uid=application,ou=bind,dc=domain,dc=example,dc=com
objectClass: top
objectClass: inetOrgPerson
objectClass: person
objectClass: organizationalPerson
cn: application bind user
sn: administrator
displayName: Application User
uid: application
userPassword: app-secret