diff --git a/site-cookbooks/kosmos-dirsrv/files/users.ldif b/site-cookbooks/kosmos-dirsrv/files/users.ldif
index 5055e99..136fd00 100644
--- a/site-cookbooks/kosmos-dirsrv/files/users.ldif
+++ b/site-cookbooks/kosmos-dirsrv/files/users.ldif
@@ -2,3 +2,5 @@ dn: ou=users,dc=kosmos,dc=org
 objectClass: top
 objectClass: organizationalUnit
 ou: users
+aci: (target="ldap:///dc=kosmos,dc=org") (version 3.0; acl "user-deny-all"; deny (all) userdn="ldap:///dc=kosmos,dc=org";)
+aci: (target="ldap:///dc=kosmos,dc=org")(targetattr="userPassword") (version 3.0; acl "user-write-own-password"; allow (write) userdn="ldap:///self";)
diff --git a/site-cookbooks/kosmos-dirsrv/metadata.rb b/site-cookbooks/kosmos-dirsrv/metadata.rb
index 74140a1..b022a52 100644
--- a/site-cookbooks/kosmos-dirsrv/metadata.rb
+++ b/site-cookbooks/kosmos-dirsrv/metadata.rb
@@ -4,7 +4,7 @@ maintainer_email 'mail@kosmos.org'
 license 'MIT'
 description 'Installs/Configures 389 Directory Server'
 long_description 'Installs/Configures 389 Directory Server'
-version '0.1.1'
+version '0.1.2'
 chef_version '>= 14.0'
 
 depends "firewall"