You can provide multiple OIDs by separating them with two pipe characters, optionally surrounded by spaces. When specifying extended request OIDs, wildcards are not allowed.

The following ACI example allows the uid=user-mgr to use the password modify request, OID=, and the StartTLS, OID=, which are extended request OIDs.

aci:(extop=" ||")
  (version 3.0; acl "Allows the mgr to use the Password Modify Request and StartTLS;
   allow(read) userdn="ldap:///uid=user-mgr,ou=people,dc=example,dc=com";)