dn: olcDatabase={2}mdb,cn=config
changeType: modify
replace: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange
  by self write
  by anonymous auth
  by dn="cn=ldapui,ou=applications,$LDAPROOT" write
  by dn="$BINDDN" write
  by * none
olcAccess: {1}to dn.subtree="$LDAPROOT"
  by self read
  by dn="cn=ldapui,ou=applications,$LDAPROOT" read
  by dn="cn=postfix,ou=applications,$LDAPROOT" read
  by dn="cn=mattermost,ou=applications,$LDAPROOT" read
  by dn="cn=cloud,ou=applications,$LDAPROOT" read
  by dn="cn=mobilizon,ou=applications,$LDAPROOT" read
  by dn="$BINDDN" write
  by * none
olcAccess: {2}to *
  by dn="$BINDDN" write
  by * none