OD Access Control in Leopard Server
OK, so I'm FINALLY starting a migration project to rebuild our 10.4 OD Master on 10.5. Can anyone help me with the access controls? They seem to have moved back to the slapd_macosxserver.conf file from cn=config. I thought we weren't supposed to touch that file. Also, the Open Directory Admin PDF says I can "Configure Record Privileges" with Server Admin and a button labeled "Privileges". Anyone seen that button?
Open Directory Admin PDF: http://images.apple.com/server/macosx/docs/Open_Directory_Admin_v10.5_2nd_Ed.pdf
One of the things I want to know how to do is lock down specific attributes or containers. Say I don't want users adding to the shared white pages in the cn=people container. What do I change in the current ACLs in the slapd_macosxserver.conf file to do this?
[code]
access to dn.base="cn=people,dc=ldap,dc=biola,dc=edu" attrs=children
by set="user/uid & [cn=admin,cn=groups,dc=ldap,dc=biola,dc=edu]/memberUid" write
by dn.exact="cn=od1.biola.edu$,cn=computers,dc=ldap,dc=biola,dc=edu" write
by sockurl="ldapi://%2Fvar%2Frun%2Fldapi" write
by dynacl/idattr/OP:ADD.exact=USERS write
by dynacl/idattr/OP:DELETE.exact=OWNER write
by * read
access to dn.onelevel="cn=people,dc=ldap,dc=biola,dc=edu" attrs=entry
by set="user/uid & [cn=admin,cn=groups,dc=ldap,dc=biola,dc=edu]/memberUid" write
by dn.exact="cn=od1.biola.edu$,cn=computers,dc=ldap,dc=biola,dc=edu" write
by sockurl="ldapi://%2Fvar%2Frun%2Fldapi" write
by dnattr=creatorsName write
by dynacl/idattr.exact=OWNER write
by * read
access to dn.onelevel="cn=people,dc=ldap,dc=biola,dc=edu" attrs=@extensibleObject
by set="user/uid & [cn=admin,cn=groups,dc=ldap,dc=biola,dc=edu]/memberUid" write
by dn.exact="cn=od1.biola.edu$,cn=computers,dc=ldap,dc=biola,dc=edu" write
by sockurl="ldapi://%2Fvar%2Frun%2Fldapi" write
by dynacl/idattr.exact=OWNER write
by * read
[/code]
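As an added example (not from the post above and not Apple's shipped slapd_macosxserver.conf), here is the first `attrs=children` clause from that file with the single line that opens the container to ordinary users taken out. It assumes, as commented, that `dynacl/idattr/OP:ADD.exact=USERS` is the clause granting any authenticated directory user the right to add entries under cn=people.

```conf
# Added example, not from the post or Apple's shipped slapd_macosxserver.conf.
# Goal: stop ordinary users from adding entries under cn=people while admins,
# the server's own computer record and local root (via ldapi) keep full control.
#
# BEFORE (as posted): the 'children' pseudo-attribute of the container decides
# who may add or delete entries beneath it. The dynacl/idattr OP:ADD line is
# assumed here to grant ADD to every authenticated directory user.
#
#   access to dn.base="cn=people,dc=ldap,dc=biola,dc=edu" attrs=children
#       by set="user/uid & [cn=admin,cn=groups,dc=ldap,dc=biola,dc=edu]/memberUid" write
#       by dn.exact="cn=od1.biola.edu$,cn=computers,dc=ldap,dc=biola,dc=edu" write
#       by sockurl="ldapi://%2Fvar%2Frun%2Fldapi" write
#       by dynacl/idattr/OP:ADD.exact=USERS write      # <-- lets every user add
#       by dynacl/idattr/OP:DELETE.exact=OWNER write
#       by * read
#
# AFTER: the OP:ADD line is removed. OP:DELETE=OWNER is kept so a user can
# still remove an entry they created before the change (drop it too if that
# is unwanted). Order matters: slapd stops at the first 'by' clause matching
# the bound DN, and the closing "by * read" leaves everyone else read-only.
access to dn.base="cn=people,dc=ldap,dc=biola,dc=edu" attrs=children
    by set="user/uid & [cn=admin,cn=groups,dc=ldap,dc=biola,dc=edu]/memberUid" write
    by dn.exact="cn=od1.biola.edu$,cn=computers,dc=ldap,dc=biola,dc=edu" write
    by sockurl="ldapi://%2Fvar%2Frun%2Fldapi" write
    by dynacl/idattr/OP:DELETE.exact=OWNER write
    by * read
```

To check the result without a live client, run OpenLDAP's `slapacl` as root against the config file with a test user's DN (placeholder: `-D "uid=jdoe,cn=users,dc=ldap,dc=biola,dc=edu"`), `-b "cn=people,dc=ldap,dc=biola,dc=edu"` and the access spec `children/write`; it should now report write access to children as DENIED for that user and ALLOWED for a member of the admin group. This assumes Apple's dynacl module loads under slapacl the same way it does under slapd.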