Index: conffiles/etc/ldap/slapd.conf.d/70univention-ldap-server_acl-master-end
===================================================================
--- conffiles/etc/ldap/slapd.conf.d/70univention-ldap-server_acl-master-end (Revision 49252)
+++ conffiles/etc/ldap/slapd.conf.d/70univention-ldap-server_acl-master-end (Arbeitskopie)
@@ -19,7 +19,7 @@
 print ' by set="user & [cn=%s,cn=groups,%s]/uniqueMember*" %s' % ( groups_default_domainadmins, ldap_base, usr )
 else:
 print ' by group/univentionGroup/uniqueMember="cn=%s,cn=groups,%s" %s' % ( groups_default_domainadmins, ldap_base, usr )
- print ' by dn.onelevel="cn=dc,cn=computers,%s" %s' % ( ldap_base, usr )
+ print ' by dn.children="cn=dc,cn=computers,%s" %s' % ( ldap_base, usr )
 print ' by * read break'
 print 'access to dn.regex="^cn=([^,]+),cn=temporary,cn=univention,%s$" attrs=children,entry' % ldap_base
@@ -28,7 +28,7 @@
 print ' by set="user & [cn=%s,cn=groups,%s]/uniqueMember*" %s' % ( groups_default_domainadmins, ldap_base, usr )
 else:
 print ' by group/univentionGroup/uniqueMember="cn=%s,cn=groups,%s" %s' % ( groups_default_domainadmins, ldap_base, usr )
- print ' by dn.onelevel="cn=dc,cn=computers,%s" %s' % ( ldap_base, usr )
+ print ' by dn.children="cn=dc,cn=computers,%s" %s' % ( ldap_base, usr )
 print ' by * read break'
 print 'access to dn.regex="^cn=([^,]+),cn=temporary,cn=univention,%s$" attrs=univentionLastUsedValue' % ldap_base
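Review bot: Replacing `dn.onelevel` with `dn.children` in the `by` clause widens the trusted subject set from the direct children of `cn=dc,cn=computers,<base>` to every entry at any depth below it, and nothing in this hunk limits who may create entries in nested containers there. The same widening recurs in every later hunk of this file, including the clauses that grant `read` or `write` to the `cn=memberserver` container. `usr` is assigned outside the visible hunks, so the level granted to these subjects is presumably write on the master; that should be confirmed. I would record the intent next to the first changed line, e.g. `# dn.children: hosts may sit in sub-containers; every descendant entry is trusted like a DC`, and verify that creating entries below these containers is itself restricted to domain admins.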
@@ -37,12 +37,12 @@
 print ' by set="user & [cn=%s,cn=groups,%s]/uniqueMember*" %s' % ( groups_default_domainadmins, ldap_base, usr )
 else:
 print ' by group/univentionGroup/uniqueMember="cn=%s,cn=groups,%s" %s' % ( groups_default_domainadmins, ldap_base, usr )
- print ' by dn.onelevel="cn=dc,cn=computers,%s" %s' % ( ldap_base, usr )
+ print ' by dn.children="cn=dc,cn=computers,%s" %s' % ( ldap_base, usr )
 print ' by * read break'
 print '## to prevent uidNumber=0 modifications'
 print 'access to attrs=uidNumber value=0'
- print ' by dn.onelevel="cn=dc,cn=computers,%s" read' % ( ldap_base )
+ print ' by dn.children="cn=dc,cn=computers,%s" read' % ( ldap_base )
 print ' by * read break'
 print 'access to dn.subtree="cn=computers,%s" attrs=children,entry filter="(!(uidNumber=0))"' % ( ldap_base )
@@ -51,7 +51,7 @@
 print ' by set="user & [cn=%s,cn=groups,%s]/uniqueMember*" %s' % ( groups_default_domainadmins, ldap_base, usr )
 else:
 print ' by group/univentionGroup/uniqueMember="cn=%s,cn=groups,%s" %s' % ( groups_default_domainadmins, ldap_base, usr )
- print ' by dn.onelevel="cn=dc,cn=computers,%s" %s' % ( ldap_base, usr )
+ print ' by dn.children="cn=dc,cn=computers,%s" %s' % ( ldap_base, usr )
 print ' by * read break'
 print 'access to dn.children="%s" filter="(|(objectClass=univentionWindows)(&(objectClass=univentionGroup)(cn=%s)))"' % ( ldap_base, groups_default_windowshosts)
@@ -60,7 +60,7 @@
 print ' by set="user & [cn=%s,cn=groups,%s]/uniqueMember*" %s' % ( groups_default_domainadmins, ldap_base, usr )
 else:
 print ' by group/univentionGroup/uniqueMember="cn=%s,cn=groups,%s" %s' % ( groups_default_domainadmins, ldap_base, usr )
- print ' by dn.onelevel="cn=dc,cn=computers,%s" %s' % ( ldap_base, usr )
+ print ' by dn.children="cn=dc,cn=computers,%s" %s' % ( ldap_base, usr )
 print ' by * read break'
 print 'access to dn.children="%s" filter="(objectClass=sambaDomain)"' % ( ldap_base )
@@ -69,7 +69,7 @@
 print ' by set="user & [cn=%s,cn=groups,%s]/uniqueMember*" %s' % ( groups_default_domainadmins, ldap_base, usr )
 else:
 print ' by group/univentionGroup/uniqueMember="cn=%s,cn=groups,%s" %s' % ( groups_default_domainadmins, ldap_base, usr )
- print ' by dn.onelevel="cn=dc,cn=computers,%s" %s' % ( ldap_base, usr )
+ print ' by dn.children="cn=dc,cn=computers,%s" %s' % ( ldap_base, usr )
 print ' by * read break'
 print 'access to dn.regex="^cn=.*,cn=dc,cn=computers,%s$" attrs=userPassword,krb5Key,krb5KDCFlags,sambaNTPassword,sambaLMPassword,sambaPwdLastSet,pwhistory,krb5KeyVersionNumber,univentionWindowsReinstall,sambaPwdCanChange,sambaPwdMustChange' % ( ldap_base )
@@ -79,7 +79,7 @@
 else:
 print ' by group/univentionGroup/uniqueMember="cn=%s,cn=groups,%s" %s' % ( groups_default_domainadmins, ldap_base, usr )
 print ' by self %s' % ( usr )
-print ' by dn.onelevel="cn=dc,cn=computers,%s" read' % ( ldap_base )
+print ' by dn.children="cn=dc,cn=computers,%s" read' % ( ldap_base )
 print ' by * none'
 print 'access to dn.regex="^cn=.*,cn=memberserver,cn=computers,%s$" attrs=userPassword,krb5Key,krb5KDCFlags,sambaNTPassword,sambaLMPassword,sambaPwdLastSet,pwhistory,krb5KeyVersionNumber,univentionWindowsReinstall,sambaPwdCanChange,sambaPwdMustChange' % ( ldap_base )
@@ -88,7 +88,7 @@
 print ' by set="user & [cn=%s,cn=groups,%s]/uniqueMember*" %s' % ( groups_default_domainadmins, ldap_base, usr )
 else:
 print ' by group/univentionGroup/uniqueMember="cn=%s,cn=groups,%s" %s' % ( groups_default_domainadmins, ldap_base, usr )
-print ' by dn.onelevel="cn=dc,cn=computers,%s" %s' % ( ldap_base, usr )
+print ' by dn.children="cn=dc,cn=computers,%s" %s' % ( ldap_base, usr )
 print ' by self %s' % ( usr )
 print ' by * none'
@@ -98,7 +98,7 @@
 print ' by set="user & [cn=%s,cn=groups,%s]/uniqueMember*" %s' % ( groups_default_domainadmins, ldap_base, usr )
 else:
 print ' by group/univentionGroup/uniqueMember="cn=%s,cn=groups,%s" %s' % ( groups_default_domainadmins, ldap_base, usr )
-print ' by dn.onelevel="cn=dc,cn=computers,%s" %s' % ( ldap_base, usr )
+print ' by dn.children="cn=dc,cn=computers,%s" %s' % ( ldap_base, usr )
 print ' by * read break'
 print 'access to attrs=userPassword,krb5Key,krb5KDCFlags,sambaNTPassword,sambaLMPassword,sambaPwdLastSet,pwhistory,krb5KeyVersionNumber,univentionWindowsReinstall,sambaPwdCanChange,sambaPwdMustChange,sambaPasswordHistory,sambaClearTextPassword,sambaPreviousClearTextPassword'
@@ -107,8 +107,8 @@
 print ' by set="user & [cn=%s,cn=groups,%s]/uniqueMember*" %s' % ( groups_default_domainadmins, ldap_base, usr )
 else:
 print ' by group/univentionGroup/uniqueMember="cn=%s,cn=groups,%s" %s' % ( groups_default_domainadmins, ldap_base, usr )
-print ' by dn.onelevel="cn=dc,cn=computers,%s" %s' % ( ldap_base, usr )
-print ' by dn.onelevel="cn=memberserver,cn=computers,%s" read' % ( ldap_base )
+print ' by dn.children="cn=dc,cn=computers,%s" %s' % ( ldap_base, usr )
+print ' by dn.children="cn=memberserver,cn=computers,%s" read' % ( ldap_base )
 print ' by * none'
 print 'access to attrs=shadowMax,krb5PasswordEnd,shadowLastChange'
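Review bot: In the hunk at -107,8 the widened `cn=memberserver` clause gives `read` on the whole credential attribute list (`userPassword`, `krb5Key`, `sambaNTPassword`, `sambaClearTextPassword` and the rest) to any entry bound from anywhere below that container, so DN position alone now decides who can read password material. If the goal is only to support member servers placed in sub-containers, consider also matching the bound entry's type, for example with a `set=` clause on the subject's object class as the admin-group clause above already uses `set=`, instead of relying on DN scope alone. The ACL block begins above the hunk, so any earlier `by` clauses are not visible here.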
@@ -117,8 +117,8 @@
 print ' by set="user & [cn=%s,cn=groups,%s]/uniqueMember*" %s' % ( groups_default_domainadmins, ldap_base, usr )
 else:
 print ' by group/univentionGroup/uniqueMember="cn=%s,cn=groups,%s" %s' % ( groups_default_domainadmins, ldap_base, usr )
-print ' by dn.onelevel="cn=dc,cn=computers,%s" %s' % ( ldap_base, usr )
-print ' by dn.onelevel="cn=memberserver,cn=computers,%s" read' % ( ldap_base )
+print ' by dn.children="cn=dc,cn=computers,%s" %s' % ( ldap_base, usr )
+print ' by dn.children="cn=memberserver,cn=computers,%s" read' % ( ldap_base )
 print ' by * read break'
 print 'access to dn.base="cn=idmap,cn=univention,%s"' % ( ldap_base )
@@ -127,8 +127,8 @@
 print ' by set="user & [cn=%s,cn=groups,%s]/uniqueMember*" %s' % ( groups_default_domainadmins, ldap_base, usr )
 else:
 print ' by group/univentionGroup/uniqueMember="cn=%s,cn=groups,%s" %s' % ( groups_default_domainadmins, ldap_base, usr )
-print ' by dn.onelevel="cn=dc,cn=computers,%s" %s' % ( ldap_base, usr )
-print ' by dn.onelevel="cn=memberserver,cn=computers,%s" write' % ( ldap_base )
+print ' by dn.children="cn=dc,cn=computers,%s" %s' % ( ldap_base, usr )
+print ' by dn.children="cn=memberserver,cn=computers,%s" write' % ( ldap_base )
 print ' by * none'
 print 'access to dn.children="cn=idmap,cn=univention,%s" filter="(&(|(&(objectClass=sambaUnixIdPool)(objectClass=organizationalRole)(objectClass=top))(&(objectClass=sambaIdmapEntry)(objectClass=sambaSidEntry)))(!(objectClass=posixAccount)))"' % ( ldap_base )
@@ -137,8 +137,8 @@
 print ' by set="user & [cn=%s,cn=groups,%s]/uniqueMember*" %s' % ( groups_default_domainadmins, ldap_base, usr )
 else:
 print ' by group/univentionGroup/uniqueMember="cn=%s,cn=groups,%s" %s' % ( groups_default_domainadmins, ldap_base, usr )
-print ' by dn.onelevel="cn=dc,cn=computers,%s" %s' % ( ldap_base, usr )
-print ' by dn.onelevel="cn=memberserver,cn=computers,%s" write' % ( ldap_base )
+print ' by dn.children="cn=dc,cn=computers,%s" %s' % ( ldap_base, usr )
+print ' by dn.children="cn=memberserver,cn=computers,%s" write' % ( ldap_base )
 print ' by * none'
 print 'access to *'