Code:
olcAccess: {0}to attrs=userPassword by anonymous auth by dn.children="cn=adm
ins,cn=zimbra" write
olcAccess: {1}to dn.subtree="cn=zimbra" by dn.children="cn=admins,cn=zimbra"
write
olcAccess: {2}to attrs=zimbraZimletUserProperties,zimbraGalLdapBindPassword,zi
mbraGalLdapBindDn,zimbraAuthTokenKey,zimbraPreAuthKey,zimbraPasswordHistory,z
imbraIsAdminAccount,zimbraAuthLdapSearchBindPassword by dn.children="cn=admi
ns,cn=zimbra" write by * none
olcAccess: {3}to attrs=objectclass by dn.children="cn=admins,cn=zimbra" write
by dn.base="uid=zmpostfix,cn=appaccts,cn=zimbra" read by dn.base="uid=zmam
avis,cn=appaccts,cn=zimbra" read by * read
olcAccess: {4}to attrs=@amavisAccount by dn.children="cn=admins,cn=zimbra" wr
ite by dn.base="uid=zmamavis,cn=appaccts,cn=zimbra" read by * +0 break
olcAccess: {5}to attrs=mail by dn.children="cn=admins,cn=zimbra" write by dn
.base="uid=zmamavis,cn=appaccts,cn=zimbra" read by * +0 break
olcAccess: {6}to attrs=zimbraAllowFromAddress by dn.children="cn=admins,cn=zi
mbra" write by dn.base="uid=zmpostfix,cn=appaccts,cn=zimbra" read by * none
olcAccess: {7}to filter="(!(zimbraHideInGal=TRUE))" attrs=cn,co,company,dc,di
splayName,givenName,gn,initials,l,mail,o,ou,physicalDeliveryOfficeName,postal
Code,sn,st,street,streetAddress,telephoneNumber,title,uid by dn.children="cn
=admins,cn=zimbra" write by dn.base="uid=zmpostfix,cn=appaccts,cn=zimbra" re
ad by * read
olcAccess: {8}to attrs=zimbraId,zimbraMailAddress,zimbraMailAlias,zimbraMailCa
nonicalAddress,zimbraMailCatchAllAddress,zimbraMailCatchAllCanonicalAddress,z
imbraMailCatchAllForwardingAddress,zimbraMailDeliveryAddress,zimbraMailForwar
dingAddress,zimbraPrefMailForwardingAddress,zimbraMailHost,zimbraMailStatus,z
imbraMailTransport,zimbraDomainName,zimbraDomainType,zimbraPrefMailLocalDeliv
eryDisabled by dn.children="cn=admins,cn=zimbra" write by dn.base="uid=zmpo
stfix,cn=appaccts,cn=zimbra" read by * read
olcAccess: {9}to attrs=entry by dn.children="cn=admins,cn=zimbra" write by *
read hope this helps ..