# Add permissions
dn: olcDatabase={1}mdb,cn=config
changetype: modify
delete: olcAccess
-
add: olcAccess
olcAccess: {0}to attrs=userPassword
    by group/groupOfNames/member="cn=admins,ou=groups,$BASE_DN" =wcdx
    by self write 
    by anonymous auth 
    by * none
olcAccess: {1}to attrs=shadowLastChange,cn,sn
    by self write 
    by * read
olcAccess: {2}to dn.subtree="$BASE_DN"
    by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
    by group/groupOfNames/member="cn=admins,ou=groups,$BASE_DN" write
    by * read
olcAccess: {3}to * 
    by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
    by * read