diff --git a/site-cookbooks/kosmos-dirsrv/files/users.ldif b/site-cookbooks/kosmos-dirsrv/files/users.ldif
index 136fd00..3ae1306 100644
--- a/site-cookbooks/kosmos-dirsrv/files/users.ldif
+++ b/site-cookbooks/kosmos-dirsrv/files/users.ldif
@@ -1,6 +1,12 @@
+# kosmos.org
+dn: dc=kosmos,dc=org
+objectClass: top
+objectClass: domain
+dc: kosmos
+aci: (target="ldap:///dc=kosmos,dc=org") (version 3.0; acl "user-deny-all"; deny (all) userdn="ldap:///dc=kosmos,dc=org";)
+aci: (target="ldap:///dc=kosmos,dc=org")(targetattr="userPassword") (version 3.0; acl "user-write-own-password"; allow (write) userdn="ldap:///self";)
+
 dn: ou=users,dc=kosmos,dc=org
 objectClass: top
 objectClass: organizationalUnit
 ou: users
-aci: (target="ldap:///dc=kosmos,dc=org") (version 3.0; acl "user-deny-all"; deny (all) userdn="ldap:///dc=kosmos,dc=org";)
-aci: (target="ldap:///dc=kosmos,dc=org")(targetattr="userPassword") (version 3.0; acl "user-write-own-password"; allow (write) userdn="ldap:///self";)