Openexchange Server: Version 4
/etc/openldap/slapd.conf
# Define global ACLs to disable default read access.
access to *
        by peername="ip=127\.0\..*\..*" read
        by peername="ip=192\.168\.0\.100" read
        by peername="ip=10\.10\..*\..*" read
        by users read
        by * none

# Public Address Book
access to dn.subtree="o=AddressBook,dc=suse,dc=com"
        by group="cn=AddressAdmins,o=AddressBook,dc=suse,dc=com" write
        by peername="ip=192\.168\.0\.100" read
        by peername="ip=10\.10\..*\..*" read
        by users read
        by * none

# handle write access to the personal data (system address book)
# - first look at the OpenLDAPaci attribute
# - if that doesn't exist or the user-dn is not in the subject clause,
#   give write access to the owner of the entry and read access to anyone else
access to dn="uid=[^,]+,dc=suse,dc=com" attr=c,cn,telephoneNumber,facsimileTelephoneNumber,pager,title,givenname,sn,l,description,mail,street,postalCode,st,homePhone,ou,initials,mobile,labeledURI,preferredLanguage,entry,objectclass
        by aci write break
        by self write
        by users read
        by peername="ip=192\.168\.0\.100" read
        by peername="ip=10\.10\..*\..*" read
        by peername="ip=127\.0\.0\.1" read
        by * none
rcldap restart
man slapd.conf
and in the admin guide under http://www.openldap.org/doc/admin20/.
dc=suse,dc=com