LAM - LDAP Account Manager

By default the admin user and libuser have full access; you may change to another user, but not to a group.

https://docs.nethserver.org/projects/nethserver-devel/en/latest/nethserver-directory.html#administrative-access

I played with LDAP ACLs, and the following command worked in my test. Domain admins get write permissions. Please test before using in production.

# Runs as root over the ldapi socket (SASL EXTERNAL) and replaces the
# frontend ACL; the "by" clauses are evaluated in order, first match wins.
ldapmodify -Y EXTERNAL <<EOF
dn: olcDatabase={-1}frontend,cn=config
changetype: modify
replace: olcAccess
# manage: root via the ldapi peer credentials
# write:  any bound user whose cn appears in memberUid of "domain admins"
# write:  libuser, but only when connecting from 127.0.0.1
# read:   everyone else, including anonymous binds
olcAccess: to * by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by set="[cn=domain admins,ou=Groups,dc=directory,dc=nh]/memberUid & user/cn" write by dn.exact="cn=libuser,dc=directory,dc=nh" peername.ip="127.0.0.1" write by * read
EOF
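To see who ends up with which access under that olcAccess line, here is an added example (not from the post above or from NethServer) that models OpenLDAP's first-match evaluation of the four "by" clauses against a small directory constructed for the demo. It is a simulation of the rule's logic, not OpenLDAP itself. Two things it makes visible: the set clause compares the group's memberUid values with the cn values of the bound entry, so it only grants write where a user's cn holds the same value as their memberUid entry; and anonymous binds fall through to `by * read`. The DNs, user names and peer addresses are assumptions for the demo.

```python
"""Model of the olcAccess rule from the post: who gets which access level.

This simulates OpenLDAP's ordered 'by' clause evaluation (first match wins);
the directory contents below are constructed for the demo and are assumptions.
"""

# OpenLDAP access levels from weakest to strongest.
ACCESS_LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

# Constructed sample directory: DN -> attributes (DNs and attribute names lowercased).
DIRECTORY = {
    "cn=domain admins,ou=groups,dc=directory,dc=nh": {"memberuid": ["alice"]},
    "uid=alice,ou=people,dc=directory,dc=nh": {"cn": ["alice"], "uid": ["alice"]},
    "uid=bob,ou=people,dc=directory,dc=nh": {"cn": ["bob"], "uid": ["bob"]},
    "cn=libuser,dc=directory,dc=nh": {"cn": ["libuser"]},
}

ROOT_PEERCRED = "gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
LIBUSER_DN = "cn=libuser,dc=directory,dc=nh"
ADMINS_DN = "cn=domain admins,ou=Groups,dc=directory,dc=nh"


def norm(dn):
    """Case-insensitive DN comparison; None stands for an anonymous bind."""
    return dn.lower() if dn else None


def attr(dn, name):
    """Values of an attribute on an entry (empty set if entry or attribute is absent)."""
    return {v.lower() for v in DIRECTORY.get(norm(dn), {}).get(name.lower(), [])}


def by_dn_exact(wanted):
    return lambda bind_dn, ip: norm(bind_dn) == norm(wanted)


def by_set_group_cn(group_dn):
    # set="[group_dn]/memberUid & user/cn": the clause matches when the group's
    # memberUid values intersect the cn values of the *bound* entry.
    return lambda bind_dn, ip: bool(attr(group_dn, "memberUid") & attr(bind_dn, "cn"))


def by_peername_ip(wanted_ip):
    return lambda bind_dn, ip: ip == wanted_ip


def by_all(*conds):
    # Several selectors written in one 'by' clause must all hold.
    return lambda bind_dn, ip: all(c(bind_dn, ip) for c in conds)


def by_anyone():
    return lambda bind_dn, ip: True


# The four clauses from the post, in the order they appear in the olcAccess value.
OLC_ACCESS = [
    (by_dn_exact(ROOT_PEERCRED), "manage"),
    (by_set_group_cn(ADMINS_DN), "write"),
    (by_all(by_dn_exact(LIBUSER_DN), by_peername_ip("127.0.0.1")), "write"),
    (by_anyone(), "read"),
]


def granted(bind_dn, peer_ip="10.0.0.5", rules=OLC_ACCESS):
    """Access level for a bind DN (None = anonymous) from peer_ip: first match wins."""
    for cond, level in rules:
        if cond(bind_dn, peer_ip):
            return level
    return "none"


def allows(bind_dn, wanted, peer_ip="10.0.0.5"):
    """True if the granted level is at least 'wanted'."""
    return ACCESS_LEVELS.index(granted(bind_dn, peer_ip)) >= ACCESS_LEVELS.index(wanted)


if __name__ == "__main__":
    for who, ip in [
        (ROOT_PEERCRED, "ldapi"),
        ("uid=alice,ou=People,dc=directory,dc=nh", "10.0.0.5"),
        ("uid=bob,ou=People,dc=directory,dc=nh", "10.0.0.5"),
        (LIBUSER_DN, "127.0.0.1"),
        (LIBUSER_DN, "10.0.0.5"),
        (None, "10.0.0.5"),
    ]:
        print(f"{who or '(anonymous)'} from {ip}: {granted(who, ip)}")
```

Run it as a script to print the table; when reviewing your own ACL, feed it the real group's memberUid values and the cn values of a few users to check that non-admin accounts never intersect the admin group.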