Here is my ACL, openldap is v2.4.4.
acl.ldif
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcAccess
olcAccess: to attrs=userPassword by dn="cn=Manager,dc=ad,dc=pthl,dc=hk" write by anonymous auth by self write by * none
olcAccess: to dn.base="" by * read
olcAccess: to * by dn="cn=Manager,dc=ad,dc=pthl,dc=hk" write by * read
and then I run
ldapmodify -Y EXTERNAL -H ldapi:/// -f acl.ldif
and I run
ldapsearch -x -b ou=people,dc=ad,dc=pthl,dc=hk "(&(objectClass=posixAccount)(uid=someone))" -h 172.16.234.11
which returns
# remove some lines
# .....
userPassword:: e1NTSEE1MTJ9MUpGdjcyd0w4aWJZRHd2eHpacVYyb1c4Q1p0Z0JrdDNpdWJDcU9
pVjhmNVQ2QkgzWVNLQnVmNU03bnVwNFB2Q2NiaHR3UGcxOW51VitLMitaUk9WY2JLT0NOMDROWGlG