diff --git a/ucs-school-ldap-acls-master/65ucsschool b/ucs-school-ldap-acls-master/65ucsschool
index 516e323..7220aae 100644
--- a/ucs-school-ldap-acls-master/65ucsschool
+++ b/ucs-school-ldap-acls-master/65ucsschool
@@ -201,11 +202,12 @@ access to dn.regex="^(.+,)?ou=([^,]+),@$@DISTRICT@$@@%@ldap/base@%@$$" attrs=use
 by * +0 break
 # Alle DC-Slaves muessen alle Benutzercontainer und Gruppen jeder Schule lesen koennen
+# Jeder muss alle dirkten Attribute aller OUs lesen können
 access to dn.regex="^ou=([^,]+),@$@DISTRICT@$@@%@ldap/base@%@$$" filter="objectClass=ucsschoolOrganizationalUnit"
 by group/univentionGroup/uniqueMember.expand="cn=OU$1-DC-Verwaltungsnetz,cn=ucsschool,cn=groups,@%@ldap/base@%@" write
 by group/univentionGroup/uniqueMember.expand="cn=OU$1-DC-Edukativnetz,cn=ucsschool,cn=groups,@%@ldap/base@%@" write
 by dn.regex="^cn=.*,cn=server,cn=computers,ou=([^,]+),@$@DISTRICT@$@@%@ldap/base@%@$$" +rscxd
- by * +0 break
+ by * +rscxd break
 access to dn.regex="^cn=(users|groups|@$@EXAM@$@),ou=([^,]+),@$@DISTRICT@$@@%@ldap/base@%@$$"
 by group/univentionGroup/uniqueMember.expand="cn=OU$2-DC-Verwaltungsnetz,cn=ucsschool,cn=groups,@%@ldap/base@%@" write
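Review bot: The new `by * +rscxd break` clause grants read, search, compare, auth and disclose to every client, and `*` in slapd also matches anonymous sessions, so unless a rule outside this hunk already blocks unauthenticated access, the school OU entries become readable without a bind. The clause has no `attrs=` list, so it covers every attribute of `ucsschoolOrganizationalUnit` objects, and the `x` (auth) privilege is not needed for the stated goal of letting everyone read them. If authenticated read is what is meant, `by users +rscd break` would be narrower, ideally combined with an `attrs=` restriction to the attributes clients actually need. The added comment should state whether "Jeder" is meant to include anonymous clients, and `dirkten` is a typo for `direkten`.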