|Generally one should start with a basic ACLs such as:|
access to attr=userpassword
by self =xw
by anonymous auth
The first ACL allows users to update (but not read) their passwords,
anonynmous users to authenticate against this attribute, and
(implicitly) denying all access to others.
access to *
by self write
by users read
The second ACL allows users full access to their entry,
authenticated users read access to anything, and (implicitly)
denying all access to others (in this case, anonymous users).