diff --git a/branches/ucs-3.2/ucs-3.2-1/management/univention-directory-manager-modules/modules/univention/admin/handlers/groups/group.py b/branches/ucs-3.2/ucs-3.2-1/management/univention-directory-manager-modules/modules/univention/admin/handlers/groups/group.py
index 49eb294..5bc3098 100644
--- a/branches/ucs-3.2/ucs-3.2-1/management/univention-directory-manager-modules/modules/univention/admin/handlers/groups/group.py
+++ b/branches/ucs-3.2/ucs-3.2-1/management/univention-directory-manager-modules/modules/univention/admin/handlers/groups/group.py
@@ -88,7 +88,6 @@ property_descriptions={
 			syntax=univention.admin.syntax.gid,
 			multivalue=0,
 			include_in_default_search=1,
-			options=['posix', 'samba'],
 			required=1,
 			may_change=1,
 			identifies=1
@@ -361,7 +360,7 @@ class object(univention.admin.handlers.simpleLdap):
 		# None ==> ldap has not been checked for servers with service "S4 Connector"
 		# True ==> at least one server with IP address (aRecord) is present
 		# False ==> no server is present
-		if s4connector_present == None:
+		if s4connector_present is None:
 			searchResult = lo.search('(&(|(objectClass=univentionDomainController)(objectClass=univentionMemberServer))(univentionService=S4 Connector))', attr = ['aRecord'])
 			s4connector_present = True
 			if not [ ddn for (ddn, attr) in searchResult if attr.has_key('aRecord') ]:
@@ -399,11 +398,10 @@ class object(univention.admin.handlers.simpleLdap):
 
 			time_start = time.time()
 
-			self['users']=self['hosts']=self['nestedGroup']=[]
-			if self.oldattr.has_key('uniqueMember'):
-				groupMembers=self.oldattr['uniqueMember']
-
-				for i in groupMembers:
+			self['users'] = []
+			self['hosts'] = []
+			self['nestedGroup'] = []
+			for i in self.oldattr.get('uniqueMember', []):
 					if cache_uniqueMember.is_valid(i):
 						membertype = cache_uniqueMember.get(i).get('type')
 						if membertype == 'user':
@@ -433,14 +431,8 @@ class object(univention.admin.handlers.simpleLdap):
 			time_end = time.time()
 			univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'groups/group: open(): member check duration: %1.2fs' % (time_end - time_start))
 
-
-			self['allowedEmailUsers'] = []
-			if self.oldattr.has_key('univentionAllowedEmailUsers'):
-				self['allowedEmailUsers'] = self.oldattr['univentionAllowedEmailUsers']
-
-			self['allowedEmailGroups'] = []
-			if self.oldattr.has_key('univentionAllowedEmailGroups'):
-				self['allowedEmailGroups'] = self.oldattr['univentionAllowedEmailGroups']
+			self['allowedEmailUsers'] = self.oldattr.get('univentionAllowedEmailUsers', [])
+			self['allowedEmailGroups'] = self.oldattr.get('univentionAllowedEmailGroups', [])
 
 			self.save()
 
@@ -448,10 +440,9 @@ class object(univention.admin.handlers.simpleLdap):
 		ml = []
 		uids = []
 		members = []
-		searchResult = self.lo.search(base=self.dn, attr=['uniqueMember','memberUid'])
-		if searchResult:
-			uids = searchResult[0][1].get('memberUid',[])
-			members = searchResult[0][1].get('uniqueMember',[])
+		for _dn, searchResult in self.lo.search(base=self.dn, attr=['uniqueMember', 'memberUid']):
+			uids = searchResult.get('memberUid', [])
+			members = searchResult.get('uniqueMember', [])
 
 		add_uidlist = []
 		for uid in uidlist:
@@ -484,10 +475,9 @@ class object(univention.admin.handlers.simpleLdap):
 		ml = []
 		uids = []
 		members = []
-		searchResult = self.lo.search(base=self.dn, attr=['uniqueMember','memberUid'])
-		if searchResult:
-			uids = searchResult[0][1].get('memberUid',[])
-			members = searchResult[0][1].get('uniqueMember',[])
+		for _dn, searchResult in self.lo.search(base=self.dn, attr=['uniqueMember', 'memberUid']):
+			uids = searchResult.get('memberUid', [])
+			members = searchResult.get('uniqueMember', [])
 
 		remove_uidlist = []
 		for uid in uidlist:
@@ -551,27 +541,27 @@ class object(univention.admin.handlers.simpleLdap):
 			try:
 				self.alloc.append(('groupName', self['name']))
 				name=univention.admin.allocators.request(self.lo, self.position, 'groupName', value=self['name'])
-				univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'groups/group: arequested groupname without exception')
+				univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'groups/group: requested groupname without exception')
 			except univention.admin.uexceptions.permissionDenied, e:
-				univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'groups/group: arequested groupname with permissionDenied exception')
+				univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'groups/group: requested groupname with permissionDenied exception')
 				raise e
 			except univention.admin.uexceptions.licenseNotFound, e:
-				univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'groups/group: arequested groupname with licenseNotFound exception')
+				univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'groups/group: requested groupname with licenseNotFound exception')
 				raise e
 			except univention.admin.uexceptions.licenseInvalid, e:
-				univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'groups/group: arequested groupname with licenseInvalid exception')
+				univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'groups/group: requested groupname with licenseInvalid exception')
 				raise e
 			except univention.admin.uexceptions.licenseExpired, e:
-				univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'groups/group: arequested groupname with licenseExpired exception')
+				univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'groups/group: requested groupname with licenseExpired exception')
 				raise e
 			except univention.admin.uexceptions.licenseWrongBaseDn, e:
-				univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'groups/group: arequested groupname with licenseWrongbaseDn exception')
+				univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'groups/group: requested groupname with licenseWrongbaseDn exception')
 				raise e
 			except univention.admin.uexceptions.licenseDisableModify, e:
-				univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'groups/group: arequested groupname with licenseDisableModify exception')
+				univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'groups/group: requested groupname with licenseDisableModify exception')
 				raise e
 			except univention.admin.uexceptions.base, e:
-				univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'groups/group: arequested groupname with base (%s) exception'%e)
+				univention.debug.debug(univention.debug.ADMIN, univention.debug.INFO, 'groups/group: requested groupname with base (%s) exception'%e)
 				error=1
 
 			if not name or error:
@@ -584,20 +574,18 @@ class object(univention.admin.handlers.simpleLdap):
 				raise univention.admin.uexceptions.groupNameAlreadyUsed, ': %s' % (name)
 				return []
 
-			ocs=['top']
-			al=[]
+			ocs = ['top']
+			al = [('objectClass', ocs)]
 			if 'posix' in self.options:
 				ocs.append('posixGroup')
-				ocs.append('univentionGroup')
+			else:
+				ocs.append('organizationalRole')  # any STRUCTURAL class with 'cn'
+			ocs.append('univentionGroup')
 			if 'samba' in self.options:
 				ocs.append('sambaGroupMapping')
-				if not 'posix' in self.options:
-					ocs.append('organizationalRole')
 				al.append(('sambaSID', [self.groupSid]))
-
-			al.append(('gidNumber', [self.gidNum]))
-
-			al.insert(0, ('objectClass', ocs))
+			if set(('posix', 'samba')) & set(self.options):
+				al.append(('gidNumber', [self.gidNum]))
 			return al
 		except:
 			self.cancel()