dn: cn=manager,ou=aclroles,{{ base_dn }}
cn: manager
description: Give all rights on users in the given branch
objectClass: top
objectClass: gosaRole
gosaAclTemplate: 0:user/user;cmdrw,user/posixAccount;cmdrw

dn: cn=editowninfos,ou=aclroles,{{ base_dn }}
cn: editowninfos
description: Allow users to edit their own information (main tab and posix u
 se only on base)
objectClass: top
objectClass: gosaRole
gosaAclTemplate: 0:user/user;srw,user/posixAccount;srw

dn: cn=editownpwd,ou=aclroles,{{ base_dn }}
cn: editownpwd
description: Allow users to edit their own password (use only on base)
objectClass: top
objectClass: gosaRole
gosaAclTemplate: 0:user/user;s#userPassword;rw