diff --git a/branches/ucs-3.0/ucs/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py b/branches/ucs-3.0/ucs/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py
index 0813ef8..ea72c80 100644
--- a/branches/ucs-3.0/ucs/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py
+++ b/branches/ucs-3.0/ucs/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py
@@ -32,11 +32,9 @@
 
 import hashlib
 import os
-import string
 import re
 import copy
 import time
-import types
 import struct
 import tempfile
 from M2Crypto import X509
@@ -193,7 +191,7 @@ property_descriptions={
 			short_description=_('Display name'),
 			long_description='',
 			syntax=univention.admin.syntax.string,
-			options=['posix'],
+			options=['person', 'samba'],
 			multivalue=0,
 			required=0,
 			may_change=1,
@@ -888,7 +886,7 @@ layout = [
 			[ 'title', 'firstname', 'lastname'],
 			[ 'username', 'description' ],
 			'password',
- 			[ 'overridePWHistory', 'overridePWLength' ] ,
+			[ 'overridePWHistory', 'overridePWLength' ] ,
 			'mailPrimaryAddress',
 			] ),
 		Group( _( 'Personal information' ), layout = [
@@ -994,12 +992,15 @@ def posixDaysToDate(days):
 	return time.strftime("%Y-%m-%d",time.gmtime(long(days)*3600*24))
 
 def sambaWorkstationsMap(workstations):
-	univention.debug.debug(univention.debug.ADMIN, univention.debug.ALL, 'samba: sambaWorkstationMap: in=%s; out=%s' % (workstations,string.join(workstations, ',')))
-	return string.join(workstations, ',')
+	val = ','.join(workstations)
+	univention.debug.debug(univention.debug.ADMIN, univention.debug.ALL, 'samba: sambaWorkstationMap: in=%s; out=%s' % (workstations, val))
+	return val
 
 def sambaWorkstationsUnmap(workstations):
-	univention.debug.debug(univention.debug.ADMIN, univention.debug.ALL, 'samba: sambaWorkstationUnmap: in=%s; out=%s' % (workstations[0],string.split(workstations[0],',')))
-	return string.split(workstations[0],',')
+	val_in = workstations[0]
+	val_out = val_in.split(',')
+	univention.debug.debug(univention.debug.ADMIN, univention.debug.ALL, 'samba: sambaWorkstationUnmap: in=%s; out=%s' % (val_in, val_out))
+	return val_out
 
 def logonHoursMap(logontimes):
 	"converts the bitfield 001110010110...100 to the respective string"
@@ -1009,7 +1010,7 @@ def logonHoursMap(logontimes):
 	bitstring = ''.join( map( lambda x: x in logontimes and '1' or '0', range( 168 ) ) )
 
 	# for idx in logontimes:
-	# 	bitstring[ idx ] = '1'
+	#	bitstring[ idx ] = '1'
 
 	logontimes = bitstring
 
@@ -1110,7 +1111,7 @@ def load_certificate(user_certificate):
 
 	def convert_certdate (certdate):
 		datestring=str(certdate)
-		dl=string.split(datestring)
+		dl = datestring.split()
 		month=[None, 'Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec' ]
 		try:
 			dl[0]=month.index(dl[0])
@@ -1135,43 +1136,50 @@ def load_certificate(user_certificate):
 		return {}
 
 
-	value={}
-
-	value['certificateDateNotBefore']=convert_certdate(not_before)
-	value['certificateDateNotAfter']=convert_certdate(not_after)
-	value['certificateVersion']=str(version)
-	value['certificateSerial']=str(serial)
-
+	value = {
+			'certificateDateNotBefore': convert_certdate(not_before),
+			'certificateDateNotAfter': convert_certdate(not_after),
+			'certificateVersion': str(version),
+			'certificateSerial': str(serial),
+			}
 	for i in issuer.split('/'):
-		if re.match('^C=', i):
-			value['certificateIssuerCountry']=string.split(i, '=')[1]
-		elif re.match('^ST=', i):
-			value['certificateIssuerState']=string.split(i, '=')[1]
-		elif re.match('^L=', i):
-			value['certificateIssuerLocation']=string.split(i, '=')[1]
-		elif re.match('^O=', i):
-			value['certificateIssuerOrganisation']=string.split(i, '=')[1]
-		elif re.match('^OU=', i):
-			value['certificateIssuerOrganisationalUnit']=string.split(i, '=')[1]
-		elif re.match('^CN=', i):
-			value['certificateIssuerCommonName']=string.split(i, '=')[1]
-		elif re.match('^emailAddress=', i):
-			value['certificateIssuerMail']=string.split(i, '=')[1]
+		try:
+			key, val = i.split('=', 1)
+		except ValueError:
+			continue
+		if key == 'C':
+			value['certificateIssuerCountry'] = val
+		elif key == 'ST':
+			value['certificateIssuerState'] = val
+		elif key == 'L':
+			value['certificateIssuerLocation'] = val
+		elif key == 'O':
+			value['certificateIssuerOrganisation'] = val
+		elif key == 'OU':
+			value['certificateIssuerOrganisationalUnit'] = val
+		elif key == 'CN':
+			value['certificateIssuerCommonName'] = val
+		elif key == 'emailAddress':
+			value['certificateIssuerMail'] = val
 	for i in subject.split('/'):
-		if re.match('^C=', i):
-			value['certificateSubjectCountry']=string.split(i, '=')[1]
-		elif re.match('^ST=', i):
-			value['certificateSubjectState']=string.split(i, '=')[1]
-		elif re.match('^L=', i):
-			value['certificateSubjectLocation']=string.split(i, '=')[1]
-		elif re.match('^O=', i):
-			value['certificateSubjectOrganisation']=string.split(i, '=')[1]
-		elif re.match('^OU=', i):
-			value['certificateSubjectOrganisationalUnit']=string.split(i, '=')[1]
-		elif re.match('^CN=', i):
-			value['certificateSubjectCommonName']=string.split(i, '=')[1]
-		elif re.match('^emailAddress=', i):
-			value['certificateSubjectMail']=string.split(i, '=')[1]
+		try:
+			key, val = i.split('=', 1)
+		except ValueError:
+			continue
+		if key == 'C':
+			value['certificateSubjectCountry'] = val
+		elif key == 'ST':
+			value['certificateSubjectState'] = val
+		elif key == 'L':
+			value['certificateSubjectLocation'] = val
+		elif key == 'O':
+			value['certificateSubjectOrganisation'] = val
+		elif key == 'OU':
+			value['certificateSubjectOrganisationalUnit'] = val
+		elif key == 'CN':
+			value['certificateSubjectCommonName'] = val
+		elif key == 'emailAddress':
+			value['certificateSubjectMail'] = val
 
 	univention.debug.debug(univention.debug.ADMIN, univention.debug.ERROR, 'value=%s' % value)
 	return value
@@ -1179,7 +1187,7 @@ def load_certificate(user_certificate):
 def mapHomePostalAddress(old):
 	new=[]
 	for i in old:
-		new.append(string.join(i, '$' ))
+		new.append('$'.join(i))
 	return new
 
 def unmapHomePostalAddress(old):
@@ -1472,7 +1480,7 @@ class object( univention.admin.handlers.simpleLdap, mungeddial.Support ):
 				expiry=self['passwordexpiry'].split('-')
 				# expiry.reverse()
 				# today.reverse()
-				if int(string.join(today,''))>=int(string.join(expiry,'')):
+				if int(''.join(today)) >= int(''.join(expiry)):
 					self['pwdChangeNextLogin']='1'
 
 			if 'samba' in self.options:
@@ -1859,7 +1867,7 @@ class object( univention.admin.handlers.simpleLdap, mungeddial.Support ):
 				ocs.extend(['organizationalPerson','inetOrgPerson'])
 			if 'ldap_pwd' in self.options:
 				ocs.extend(['simpleSecurityObject','uidObject'])
- 			if 'kerberos' in self.options:
+			if 'kerberos' in self.options:
 				domain=univention.admin.uldap.domain(self.lo, self.position)
 				realm=domain.getKerberosRealm()
 				if realm:
@@ -2018,7 +2026,7 @@ class object( univention.admin.handlers.simpleLdap, mungeddial.Support ):
 			pwd_change_next_login=2
 
 		if self.hasChanged('username'):
- 			if 'kerberos' in self.options:
+			if 'kerberos' in self.options:
 				ml.append(('krb5PrincipalName', self.oldattr.get('krb5PrincipalName', []), [self.krb5_principal()]))
 
 		if self.modifypassword:
@@ -2388,7 +2396,7 @@ class object( univention.admin.handlers.simpleLdap, mungeddial.Support ):
 						ml.insert(0, ('objectClass', '', 'automount'))
 
 					am_host=share['host']
-					if not self['homeSharePath'] or type(self['homeSharePath']) not in [types.StringType, types.UnicodeType]:
+					if not self['homeSharePath'] or not isinstance(self['homeSharePath'], basestring):
 						am_path=os.path.join(share['path'])
 					else:
 						am_path=os.path.join(share['path'], self['homeSharePath'])
@@ -2514,20 +2522,18 @@ class object( univention.admin.handlers.simpleLdap, mungeddial.Support ):
 	def __passwordInHistory(self, newpassword, pwhistory):
 		# first calc hash for the new pw
 		s = hashlib.sha1( newpassword.encode( 'utf-8' ) )
-		newpwhash = string.upper(s.hexdigest())
-		if not string.find(pwhistory, newpwhash) < 0:
-			# password has already been used.
-			return 1
-		return 0
+		newpwhash = s.hexdigest().upper()
+		# check if password has already been used
+		return pwhistory.find(newpwhash) < 0
 
 	def __getPWHistory(self, newpassword, pwhistory, pwhlen):
 		# first calc hash for the new pw
 		s = hashlib.sha1( newpassword.encode( 'utf-8' ) )
-		newpwhash = string.upper(s.hexdigest())
+		newpwhash = s.hexdigest().upper()
 
 		# split the history
-		if len(string.strip(pwhistory)):
-			pwlist = string.split(pwhistory, ' ')
+		if len(pwhistory.strip()):
+			pwlist = pwhistory.split(' ')
 		else:
 			pwlist = []
 
@@ -2551,13 +2557,13 @@ class object( univention.admin.handlers.simpleLdap, mungeddial.Support ):
 					else:
 						pwlist.append(newpwhash)
 		# and build the new history
-		res = string.join(pwlist)
+		res = ' '.join(pwlist)
 		return res
 
 	def __getsmbPWHistory(self, newpassword, smbpwhistory, smbpwhlen):
 		# split the history
-		if len(string.strip(smbpwhistory)):
-			pwlist = string.split(smbpwhistory, ' ')
+		if len(smbpwhistory.strip()):
+			pwlist = smbpwhistory.split(' ')
 		else:
 			pwlist = []
 
@@ -2600,7 +2606,7 @@ class object( univention.admin.handlers.simpleLdap, mungeddial.Support ):
 					pwlist.append(smbpwhash)
 
 		# and build the new history
-		res = string.join(pwlist, '')
+		res = ''.join(pwlist)
 		return res
 
 	def __generate_user_sid(self, uidNum):