The targetfilter clause has the following syntax.

(targetfilter = <ldap_filter>)

For example, the following clause targets all entries that contain the ou=engineering attribute.

(targetfilter = "(ou=engineering)")

You can only specify a single filter, but that filter can contain multiple elements combined with the OR operator. The following clause targets all entries that contain ou=engineering, ou=accounting, and ou=marketing.

(targetfilter = "(|(ou=engineering)(ou=accounting)(ou=marketing)")

The following example allows the user, uid=eng-mgr, to modify the departmentNumber, cn, and sn attributes for all entries that match the filter ou=engineering.

aci:(targetfilter="(ou=engineering)")
  (targetattr="departmentNumber||cn||sn")
  (version 3.0; acl "example"; allow (write) 
   userdn="ldap:///uid=eng-mgr,dc=example,dc=com";)