uid=user1 and uid=user6 are company1's administrators, so they can write in whole o=company1 subtree
Might be best to make an LDAP group with those users as members, and then write an ACL based off of that group for its specific privileges.
--Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>