This example is based on the DIT of the UPMC directory, so a few explanations first: students are stored in several trees. Information about the student themselves is stored in "ou=People,dc=upmc,dc=fr". Information relating to a registration is stored in "ou=Administrative Registration,dc=upmc,dc=fr". This tree has three levels: families of diplomas, diplomas, and teaching modules. In the general case, a student can see part of the other students' information, i.e. read the cn, mail and employeeType attributes of students who are in the same diplomas. In the DIT, this means that they are in the same subtree with a depth of 2.
And now the AACL:

    # 11, ACL2, upmc, fr
    dn: cn=11,ou=ACL2,dc=upmc,dc=fr
    objectClass: aacls
    objectClass: top
    attribute: cn
    attribute: mail
    attribute: employeeType
    rights: r
    targetBase: dc=upmc, dc=fr
    description: Enable a student to see other relative students
    cn: 11
    relation: search.(sup.(search.("ou=Administrative Registration, dc=upmc, dc=fr","uid=$targetRDN"),2),"uid=$authorRDN")
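The following added example (not part of the original page or of the AACL implementation) evaluates the relation above over a small constructed DIT, to show how the depth of 2 scopes read access to a diploma. The semantics of search and sup are inferred from the description above; the uid and ou values, the placement of student entries under modules, and all function names are assumptions.

```python
# Added example: evaluates the AACL relation over a constructed in-memory DIT.
# Assumed semantics, inferred from the page's description:
#   search.(bases, "uid=x") -> entries whose RDN is uid=x at or below any base
#   sup.(entries, n)        -> the DNs n levels above each entry
BASE = "ou=Administrative Registration,dc=upmc,dc=fr"
ATTRIBUTES = {"cn", "mail", "employeeType"}  # attribute values of the entry, rights: r

def dn(*rdns):
    return ",".join(rdns + (BASE,))

# Constructed registrations, assumed layout: student / module / diploma / family.
DIT = {
    dn("uid=alice", "ou=Algebra", "ou=Math Licence", "ou=Sciences"),
    dn("uid=bob", "ou=Analysis", "ou=Math Licence", "ou=Sciences"),
    dn("uid=carol", "ou=Optics", "ou=Physics Licence", "ou=Sciences"),
    dn("uid=alice", "ou=Optics", "ou=Physics Master", "ou=Sciences"),
}

def norm(d):
    """Split a DN into lower-cased RDNs (sample DNs contain no escaped commas)."""
    return tuple(r.strip().lower() for r in d.split(","))

def search(bases, rdn_filter):
    """Entries at or below any base whose own RDN equals rdn_filter."""
    want = rdn_filter.lower()
    hits = set()
    for entry in DIT:
        e = norm(entry)
        for b in map(norm, bases):
            if e[0] == want and e[len(e) - len(b):] == b:
                hits.add(entry)
    return hits

def sup(entries, levels):
    """DNs obtained by dropping the leading `levels` RDNs of each entry."""
    return {",".join(e.split(",")[levels:]) for e in entries}

def readable_attributes(author_uid, target_uid, depth=2):
    """Attributes author may read on target: non-empty only if the relation matches."""
    registrations = search({BASE}, f"uid={target_uid}")  # inner search
    subtrees = sup(registrations, depth)                 # depth 2 -> diploma
    matched = search(subtrees, f"uid={author_uid}")      # outer search
    return set(ATTRIBUTES) if matched else set()

if __name__ == "__main__":
    for author, target in [("bob", "alice"), ("carol", "alice")]:
        print(author, "->", target, sorted(readable_attributes(author, target)))
```

With a depth of 3 instead of 2, the relation would match at the family level, so carol would also gain read access to alice's attributes.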