diff --git a/management/univention-ldap/conffiles/etc/ldap/slapd.conf.d/63univention-ldap-server_acl-master-password b/management/univention-ldap/conffiles/etc/ldap/slapd.conf.d/63univention-ldap-server_acl-master-password
index faa787b..80e1ae1 100644
--- a/management/univention-ldap/conffiles/etc/ldap/slapd.conf.d/63univention-ldap-server_acl-master-password
+++ b/management/univention-ldap/conffiles/etc/ldap/slapd.conf.d/63univention-ldap-server_acl-master-password
@@ -12,8 +12,11 @@ if baseConfig.has_key('ldap/acl/user/password/change') and baseConfig['ldap/acl/
 print ' by self %s' % ( usr )
 print ' by * none break'
-# grant write access to users' own UMC properties
-print 'access to attrs="univentionUMCProperty,objectClass"'
+print '# grant write access to users own UMC properties'
+print 'access to attrs="univentionUMCProperty" filter="objectClass=organizationalPerson"'
+print ' by self %s' % usr
+print ' by * none break'
+print 'access to attrs=objectClass val=univentionPerson filter="objectClass=organizationalPerson"'
 print ' by self %s' % usr
 print ' by * none break'
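Review bot: The new `access to attrs=objectClass val=univentionPerson` rule has no comment explaining why self access to objectClass is narrowed to that one value, and the single printed comment above it only describes the UMC property rule. I would print a second comment line before it, for example `print '# self access to objectClass is limited to the univentionPerson value'`, so the rule is not later widened back to the whole attribute. A self request for any other objectClass value no longer matches this statement and is decided by later `access to` rules that are outside this hunk, so the rendered ACL should be checked with `slapacl` for a value other than univentionPerson. `usr` is assigned outside the hunk, so whether self gets write or only read access here cannot be confirmed from the visible lines.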