Group administration ACL
I'd like to allow a group of administrators to maintain a portion of the
LDAP tree. The OpenLDAP document provides a hint on how to do this, but
no examples, i.e.
    dnattr=<dn-valued attribute name>
Here is an example of what I want to do ...
For instance, with a group of unique names:
dn: cn=Directory Administrators, ou=Groups, o=airius.com
cn: Directory Administrators
objectclass: top
objectclass: groupofuniquenames
ou: Groups
uniquemember: uid=kvaughan, ou=People, o=airius.com
uniquemember: uid=rdaugherty, ou=People, o=airius.com
uniquemember: uid=hmiller, ou=People, o=airius.com
The ACL commonly provided in slapd.conf is
access to attr=userPassword
        by self write
        by anonymous auth
        by * none
So what would the ACL look like if access to userPassword was also
allowed for everyone in the LDAP groupofuniquenames "Directory
Administrators"?
Thank you.
Stephen
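
An added example, not part of the original post: one way to write the ACL asked about above. It assumes a slapd release that supports the `group/<objectclass>/<attrname>` form of the `by` clause; the group DN is the one from the post.

```conf
# Added example (not from the original message).
# A plain "by group=<dn>" clause checks groupOfNames/member by default,
# so the object class and the membership attribute are named explicitly
# to match the groupOfUniqueNames/uniqueMember entry shown in the post.
# "by" clauses are evaluated in order and the first match wins, so the
# group clause must come before "by * none".
# Continuation lines must start with whitespace.
# Newer OpenLDAP releases document the attribute selector as "attrs=".
access to attr=userPassword
        by self write
        by group/groupOfUniqueNames/uniqueMember="cn=Directory Administrators,ou=Groups,o=airius.com" write
        by anonymous auth
        by * none
```

As written, the rule covers userPassword on every entry in the database, so members of the group can reset any account's password. Because `dnattr=` compares the bound DN against an attribute of the entry being accessed, it does not perform this kind of group-membership check.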