dn: cn=Manager,cn=department1,ou=employee,dc=example,dc=com
cn: Manager
cn: department1
cn: name
uid: name
title: manager

dn: cn=employee1,cn=department1,ou=employee,dc=example,dc=com
cn: employee1
cn: department1
cn: name
uid: name
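title: engineer

## The Manager of department1 can write all customer information for that department
## All employees can write their own customer records
## (slapd's "self" matches only when the bound DN is the entry being accessed)
## All users have read access
access to dn.subtree="ou=customer,dc=example,dc=com" filter=(cn=department1)
    by dn="cn=Manager,cn=department1,ou=employee,dc=example,dc=com" write
    by self write
    by users read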
## The Manager of department2 can write all customer information for that department
## All employees can write their own customer records
## All users have read access
access to dn.subtree="ou=customer,dc=example,dc=com" filter=(cn=department2)
    by dn="cn=Manager,cn=department2,ou=employee,dc=example,dc=com" write
    by self write
    by users read
## The Manager of department3 can write all customer information for that department
## All employees can write their own customer records
## All users have read access
access to dn.subtree="ou=customer,dc=example,dc=com" filter=(cn=department3)
    by dn="cn=Manager,cn=department3,ou=employee,dc=example,dc=com" write
    by self write
    by users read
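
Per-department rules like these are usually copied and edited by hand, so the department in the filter and the department in the writer DN can drift apart. The following is an added example, not part of the original configuration: a Python check that each `by dn=... write` clause names the same department as its rule's filter. The function names and the sample rules (`deptA`, `deptB`) are constructed, and the DN split assumes no escaped commas.

```python
import re

# Start of an ACL rule; captures the department named in its filter.
RULE_RE = re.compile(r'^access\s+to\s+.*filter=\(cn=(?P<dept>[^)]+)\)', re.I)
# A "by dn=... write" continuation line; captures the writer DN.
BY_DN_RE = re.compile(r'^\s+by\s+dn(?:\.\w+)?="(?P<dn>[^"]+)"\s+write\b', re.I)


def dn_department(dn):
    """Return the value of the second RDN (cn=<department>) of a writer DN."""
    rdns = [r.strip() for r in dn.split(",")]  # assumption: no escaped commas
    if len(rdns) < 2 or not rdns[1].lower().startswith("cn="):
        return None
    return rdns[1][3:]


def find_mismatches(conf_text):
    """Return (line_no, filter_dept, dn_dept) for each writer DN whose
    department differs from the department in the enclosing rule's filter."""
    mismatches = []
    current = None
    for no, line in enumerate(conf_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        m = RULE_RE.match(line)
        if m:
            current = m.group("dept")
            continue
        if line and not line[0].isspace():
            current = None  # any other unindented directive ends the rule
            continue
        m = BY_DN_RE.match(line)
        if m and current is not None:
            dept = dn_department(m.group("dn"))
            if dept is None or dept.lower() != current.lower():
                mismatches.append((no, current, dept))
    return mismatches


# Constructed sample: the second rule grants write to the wrong department.
SAMPLE = '''\
access to dn.subtree="ou=customer,dc=example,dc=com" filter=(cn=deptA)
    by dn="cn=Manager,cn=deptA,ou=employee,dc=example,dc=com" write
    by users read
access to dn.subtree="ou=customer,dc=example,dc=com" filter=(cn=deptB)
    by dn="cn=Manager,cn=deptA,ou=employee,dc=example,dc=com" write
    by users read
'''

if __name__ == "__main__":
    for no, want, got in find_mismatches(SAMPLE):
        print(f"line {no}: filter is cn={want} but writer DN is in cn={got}")
```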