The last attempt with my ACLs:
access to *
    by dn="cn=admin,dc=nodomain" write
    by self write
    by * read
access to dn.regex="ou=Address Book,uid=([^,]+),ou=([^,]+),dc=nodomain$" attrs=entry,children,@inetorgperson
    by dn.exact,expand="uid=$1,ou=$2,dc=nodomain" write
access to dn.regex="ou=Address Book,uid=([^,]+),ou=([^,]+),dc=nodomain$" attrs=entry
    by dn.exact,expand="uid=$1,ou=$2,dc=nodomain" read
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html