Index: ucs-3.2-0/univention-ldap/conffiles/etc/ldap/slapd.conf.d/70univention-ldap-server_acl-master-end
===================================================================
--- ucs-3.2-0/univention-ldap/conffiles/etc/ldap/slapd.conf.d/70univention-ldap-server_acl-master-end (Revision 43898)
+++ ucs-3.2-0/univention-ldap/conffiles/etc/ldap/slapd.conf.d/70univention-ldap-server_acl-master-end (Arbeitskopie)
@@ -8,7 +8,7 @@
 nestedGroups = configRegistry.is_true('ldap/acl/nestedgroups', True)
 if configRegistry.is_true('ldap/acl/slavepdc', True):
- print 'access to dn.regex="^cn=([^,]+),cn=([^,]+),cn=temporary,cn=univention,%s$$" filter="(&(objectClass=lock)(!(objectClass=posixAccount)))"' % ldap_base
+ print 'access to dn.regex="^cn=([^,]+),cn=([^,]+),cn=temporary,cn=univention,%s$" filter="(&(objectClass=lock)(!(objectClass=posixAccount)))"' % ldap_base
 print ' by dn.base="cn=admin,%s" %s' % ( ldap_base, usr )
 if nestedGroups:
 print ' by set="user & [cn=Domain Admins,cn=groups,%s]/uniqueMember*" %s' % ( ldap_base, usr )
@@ -17,7 +17,7 @@
 print ' by dn.onelevel="cn=dc,cn=computers,%s" %s' % ( ldap_base, usr )
 print ' by * read break'
- print 'access to dn.regex="^cn=([^,]+),cn=temporary,cn=univention,%s$$" attrs=children,entry' % ldap_base
+ print 'access to dn.regex="^cn=([^,]+),cn=temporary,cn=univention,%s$" attrs=children,entry' % ldap_base
 print ' by dn.base="cn=admin,%s" %s' % ( ldap_base, usr )
 if nestedGroups:
 print ' by set="user & [cn=Domain Admins,cn=groups,%s]/uniqueMember*" %s' % ( ldap_base, usr )
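Review bot: The anchor convention these lines now rely on is not written down anywhere in the template: the `access to dn.regex` target in the -8 hunk (and in the -17, -26, -62, -72 and -82 hunks) ends in a single `$`, while the `by dn.regex` line in 64univention-ldap-server_acl-master-admin-settings is changed to `$$` in this same commit. As far as I know slapd performs `$<digit>` expansion only on `by` patterns, so the end anchor has to be doubled there and nowhere else, and a later editor copying a line between the two clause types could end up with a rule that does not anchor as intended. I would add a comment above the first `print 'access to …'`, for example `# what-clause regex: plain "$" end anchor; by-clause regexes are $-expanded and need "$$"`. The `if configRegistry.is_true('ldap/acl/slavepdc', True):` block continues outside the hunk.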
@@ -26,7 +26,7 @@
 print ' by dn.onelevel="cn=dc,cn=computers,%s" %s' % ( ldap_base, usr )
 print ' by * read break'
- print 'access to dn.regex="^cn=([^,]+),cn=temporary,cn=univention,%s$$" attrs=univentionLastUsedValue' % ldap_base
+ print 'access to dn.regex="^cn=([^,]+),cn=temporary,cn=univention,%s$" attrs=univentionLastUsedValue' % ldap_base
 print ' by dn.base="cn=admin,%s" %s' % ( ldap_base, usr )
 if nestedGroups:
 print ' by set="user & [cn=Domain Admins,cn=groups,%s]/uniqueMember*" %s' % ( ldap_base, usr )
@@ -62,7 +62,7 @@
 print ' by dn.onelevel="cn=dc,cn=computers,%s" %s' % ( ldap_base, usr )
 print ' by * read break'
-print 'access to dn.regex="^cn=.*,cn=dc,cn=computers,%s$$" attrs=userPassword,krb5Key,krb5KDCFlags,sambaNTPassword,sambaLMPassword,sambaPwdLastSet,pwhistory,krb5KeyVersionNumber,univentionWindowsReinstall,sambaPwdCanChange,sambaPwdMustChange' % ( ldap_base )
+print 'access to dn.regex="^cn=.*,cn=dc,cn=computers,%s$" attrs=userPassword,krb5Key,krb5KDCFlags,sambaNTPassword,sambaLMPassword,sambaPwdLastSet,pwhistory,krb5KeyVersionNumber,univentionWindowsReinstall,sambaPwdCanChange,sambaPwdMustChange' % ( ldap_base )
 print ' by dn.base="cn=admin,%s" %s' % ( ldap_base, usr )
 if nestedGroups:
 print ' by set="user & [cn=Domain Admins,cn=groups,%s]/uniqueMember*" %s' % ( ldap_base, usr )
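Review bot: In the -62 hunk `ldap_base` is formatted into the `dn.regex` target without escaping, and this is the rule that covers `userPassword`, `krb5Key` and the Samba password attributes below `cn=dc,cn=computers`. Any regex metacharacter in the configured base (a `.`, for instance) is then read as pattern syntax rather than literal DN text, so the rule matches more than the DN that was written. The `cn=memberserver` rules in the -72 and -82 hunks are built the same way. Because the target is simply every entry beneath a fixed container, a DN-scope form avoids the regex altogether, e.g. `print 'access to dn.children="cn=dc,cn=computers,%s" attrs=…' % ( ldap_base )`, which matches the `dn.onelevel=` style the `by` lines of this file already use. That form no longer requires a `cn=` RDN, so confirm that only `cn=` entries live in those containers before switching.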
@@ -72,7 +72,7 @@
 print ' by dn.onelevel="cn=dc,cn=computers,%s" read' % ( ldap_base )
 print ' by * none'
-print 'access to dn.regex="^cn=.*,cn=memberserver,cn=computers,%s$$" attrs=userPassword,krb5Key,krb5KDCFlags,sambaNTPassword,sambaLMPassword,sambaPwdLastSet,pwhistory,krb5KeyVersionNumber,univentionWindowsReinstall,sambaPwdCanChange,sambaPwdMustChange' % ( ldap_base )
+print 'access to dn.regex="^cn=.*,cn=memberserver,cn=computers,%s$" attrs=userPassword,krb5Key,krb5KDCFlags,sambaNTPassword,sambaLMPassword,sambaPwdLastSet,pwhistory,krb5KeyVersionNumber,univentionWindowsReinstall,sambaPwdCanChange,sambaPwdMustChange' % ( ldap_base )
 print ' by dn.base="cn=admin,%s" %s' % ( ldap_base, usr )
 if nestedGroups:
 print ' by set="user & [cn=Domain Admins,cn=groups,%s]/uniqueMember*" %s' % ( ldap_base, usr )
@@ -82,7 +82,7 @@
 print ' by self %s' % ( usr )
 print ' by * none'
-print 'access to dn.regex="^cn=.*,cn=memberserver,cn=computers,%s$$" attrs=objectClass,sambaSID,sambaPrimaryGroupSID,displayName,sambaAcctFlags' % ( ldap_base )
+print 'access to dn.regex="^cn=.*,cn=memberserver,cn=computers,%s$" attrs=objectClass,sambaSID,sambaPrimaryGroupSID,displayName,sambaAcctFlags' % ( ldap_base )
 print ' by dn.base="cn=admin,%s" %s' % ( ldap_base, usr )
 if nestedGroups:
 print ' by set="user & [cn=Domain Admins,cn=groups,%s]/uniqueMember*" %s' % ( ldap_base, usr )
Index: ucs-3.2-0/univention-ldap/conffiles/etc/ldap/slapd.conf.d/64univention-ldap-server_acl-master-admin-settings
===================================================================
--- ucs-3.2-0/univention-ldap/conffiles/etc/ldap/slapd.conf.d/64univention-ldap-server_acl-master-admin-settings (Revision 43898)
+++ ucs-3.2-0/univention-ldap/conffiles/etc/ldap/slapd.conf.d/64univention-ldap-server_acl-master-admin-settings (Arbeitskopie)
@@ -11,7 +11,7 @@
 by * none break
 access to dn.regex="^uid=([^,]+),cn=admin-settings,cn=univention,%(base)s$"
- by dn.regex="^uid=$1,.*%(base)s$" %(access)s
+ by dn.regex="^uid=$1,.*%(base)s$$" %(access)s
 by dn.base="cn=admin,%(base)s" %(access)s
 by * none
 ''' % { 'base' : ldap_base, 'access' : access }
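Review bot: The `$1` expanded in the changed `by dn.regex` line is the raw `([^,]+)` capture from the target DN and, as far as I can tell, slapd inserts it into the second regex unescaped, so a uid containing a regex metacharacter (`.` is common in uids) lets the `by` pattern match more than that one user. The `.*%(base)s` that follows also has no `,` in front of the base. It is worth confirming whether uids are constrained elsewhere; if user objects sit in one known container, `by dn.exact,expand="uid=$1,<container>,%(base)s" %(access)s` compares the DN literally instead of as a pattern. Whichever form is kept, a `#` comment line ahead of the `access to` directive saying that by-clause regexes are `$`-expanded and therefore end in `$$` would explain the doubled dollar. The triple-quoted template this line belongs to starts outside the hunk.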