--- a/management/univention-ldap/conffiles/etc/ldap/slapd.conf.d/60univention-ldap-server_acl-master
+++ a/management/univention-ldap/conffiles/etc/ldap/slapd.conf.d/60univention-ldap-server_acl-master
@@ -11,9 +11,9 @@ else:
 groups_default_domainadmins = custom_groupname('Domain Admins')
 users_default_administrator = custom_username('Administrator')
-print 'sasl-regexp'
+print 'authz-regexp'
 print ' uid=([^,]*),cn=(gssapi|saml),cn=auth'
-print ' ldap://0.0.0.0:%s/"%s"??sub?uid=$1' % (ldap_port, ldap_base)
+print ' ldap:///%s??sub?uid=$1' % (ldap_base,)
 print
 print 'access to attrs=userPassword'
--- a/management/univention-ldap/conffiles/etc/ldap/slapd.conf.d/60univention-ldap-server_acl-slave
+++ a/management/univention-ldap/conffiles/etc/ldap/slapd.conf.d/60univention-ldap-server_acl-slave
@@ -1,6 +1,6 @@
-sasl-regexp
+authz-regexp
 uid=([^,]*),cn=(gssapi|saml),cn=auth
- ldap:///"@%@ldap/base@%@"??sub?uid=$1
+ ldap:///@%@ldap/base@%@??sub?uid=$1
 # allow authentication
 access to attrs=userPassword
@@ -31,6 +31,9 @@ if baseConfig.is_false('ldap/acl/read/anonymous'):
 else:
 print ' by * read'
 print
+if configRegistry.is_false('ldap/acl/read/anonymous'):
+ print 'access to attrs=entry,uid'
+ print ' by anonymous auth'
 if configRegistry.get('ldap/replog', '').lower() in ('true', 'yes'):
 print "replogfile /var/lib/univention-ldap/replog/replog"
--- a/management/univention-ldap/conffiles/etc/ldap/slapd.conf.d/70univention-ldap-server_acl-master-end
+++ a/management/univention-ldap/conffiles/etc/ldap/slapd.conf.d/70univention-ldap-server_acl-master-end
@@ -179,6 +179,10 @@ if configRegistry.is_false('ldap/acl/read/anonymous'):
 else:
 print ' by * read'
+if configRegistry.is_false('ldap/acl/read/anonymous'):
+ print 'access to attrs=entry,uid'
+ print ' by anonymous auth'
+
 if configRegistry.is_true('ldap/replog', False):
 print "replogfile /var/lib/univention-ldap/replog/replog"
 @!@
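Review bot: In the `60univention-ldap-server_acl-master` hunk (`@@ -11,9 +11,9 @@`), the new `print ' ldap:///%s??sub?uid=$1' % (ldap_base,)` writes `ldap_base` into the URL with neither the old double quotes nor any escaping, so a base DN containing a space, `?` or `%` would split the slapd.conf argument or shift the URL's fields, and this URL decides which entry a GSSAPI/SAML identity is mapped to. Percent-encoding the DN when the line is generated would avoid that, e.g. `% (urllib.quote(ldap_base, safe='=,'),)`, assuming `urllib` is importable in this template and after checking that slapd decodes the escapes as expected. The first hunk of `60univention-ldap-server_acl-slave` has the same unquoted substitution via `@%@ldap/base@%@`. The surrounding template code starts and ends outside the hunk, so any validation of `ldap/base` done elsewhere is not visible here.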
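Review bot: The added rule `access to attrs=entry,uid` / `by anonymous auth` in the `@@ -31,6 +31,9 @@` hunk of `60univention-ldap-server_acl-slave` has no comment saying why it is needed, and it is emitted after the block that ends in `by * read`, whose `access to` line is outside the hunk. slapd stops at the first `access to` clause that matches, so if that earlier clause already covers `entry` and `uid` this rule is never reached; and where it is reached, the clause grants nothing to any other identity, since it has no further `by` line. I would confirm the ordering and add a comment such as `# authz-regexp resolves SASL identities by a uid search; keep auth access to entry,uid when anonymous read is off` (if that is the intent). The same three lines are added in the `@@ -179,6 +179,10 @@` hunk of `70univention-ldap-server_acl-master-end`, and the slave hunk tests `configRegistry` while its enclosing `if` uses `baseConfig`.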