Access configuration for Open Directory

I'm trying to do a form of tiered administration whereby a certain OD group has write access to only certain OD computer lists and OD computers. So far, I've created my own slapd_macosxserver_custom.conf and included it in /etc/openldap/slapd.conf The entry I have tried is: [code]access to dn.regex="cn=*lab1*,cn=computers,dc=my,dc=full,dc=base" by group="cn=lab1admin,cn=groups,dc=my,dc=full,dc=base" write[/code] Where lab1admin is the OD group I want to give access to any machine with lab1 in the name. However when I log into workgroup manager as an OD user in the lab1admin group, i am unable to change any of the preferences of machines with lab1 in the name, I get a "Error while saving record "computer name" Error: 14120 Any suggestions?