diff --git a/mail/univention-fetchmail/conffiles/etc/ldap/slapd.conf.d/66univention-fetchmail_acl-settings b/mail/univention-fetchmail/conffiles/etc/ldap/slapd.conf.d/66univention-fetchmail_acl-settings
index ecaea7b..eea9bc9 100644
--- a/mail/univention-fetchmail/conffiles/etc/ldap/slapd.conf.d/66univention-fetchmail_acl-settings
+++ b/mail/univention-fetchmail/conffiles/etc/ldap/slapd.conf.d/66univention-fetchmail_acl-settings
@@ -1,5 +1,11 @@
-access to attrs=univentionFetchmailPasswd
-    by group/univentionGroup/uniqueMember="cn=Domain Admins,cn=groups,@%@ldap/base@%@" write
-    by set="user/univentionService & [Fetchmail]" write
-    by dn.base="cn=admin,@%@ldap/base@%@" write
-    by * none
+@!@
+from univention.lib.misc import custom_groupname
+ldap_base = configRegistry['ldap/base']
+usr = 'write' if configRegistry.get('ldap/server/type') == "master" else 'read'
+
+print 'access to attrs=univentionFetchmailPasswd'
+print '    by group/univentionGroup/uniqueMember="cn=%s,cn=groups,%s" %s' % (custom_groupname('Domain Admins'), ldap_base, usr)
+print '    by set="user/univentionService & [Fetchmail]" %s' % (usr,)
+print '    by dn.base="cn=admin,%s" %s' % (ldap_base, usr)
+print '    by * none'
+@!@