# Anonymous users should only be able to see SME users and groups for addressbook purpose
# Prevent access to system, dummy and machine accounts

access to dn.subtree=ou=Users,{ esmith::util::ldapBase ($DomainName); } filter=(!(objectClass=inetOrgPerson))
        by users	peername.ip="127.0.0.1"	read
        by users	ssf=128	read
        by anonymous	none

access to dn.subtree=ou=Groups,{ esmith::util::ldapBase ($DomainName); } filter=(!(objectClass=mailboxRelatedObject))
        by users        peername.ip="127.0.0.1" read
        by users        ssf=128 read
        by anonymous	none

access to dn.subtree=ou=Computers,{ esmith::util::ldapBase ($DomainName); }
        by users        peername.ip="127.0.0.1" read
        by users        ssf=128 read
        by anonymous	none

