This page allows you to edit or create a single access control rule.
The first section Objects being granted determines which DNs in
your database the rule will apply to. You can either select All objects
for the entire database, or Object with DN for objects matching whatever
you enter into the adjacent field.
The match type menu determines if the rule applies to just this object,
those under it, or if the DN is treated as a regular expression. You can also
further control which objects are granted by entering an LDAP filter into the
Limit with object filter field, like (objectClass=posixAccount).
The second part of the page is a table for selecting which LDAP users have
access to the objects. You can either select several general user classes from
the Grant access to menu, or choose Other and enter a specific
DN.
The Access level menu determines what these users can do with the
objects. The lower more powerful levels imply all of those above them, so a
user with Write access can also Read and Search.