diff --git a/roles/slapd/templates/slapd.conf.j2 b/roles/slapd/templates/slapd.conf.j2
index a35687d..7e35941 100644
--- a/roles/slapd/templates/slapd.conf.j2
+++ b/roles/slapd/templates/slapd.conf.j2
@@ -45,16 +45,39 @@ moduleload syncprov.la
 # ACL
 #######################################################################
-access to dn.base="" by * read
-access to dn.base="cn=Subschema" by * read
+access to dn.base=""
+ by * read
+access to dn.base="cn=Subschema"
+ by * read
+access to dn.one="ou=people,dc=binary-kitchen,dc=de" attrs=userPassword
+ by self write
+ by group="cn=admin,dc=binary-kitchen,dc=de" write
+ by anonymous auth
+ by * none
+access to dn.one="ou=people,dc=binary-kitchen,dc=de" attrs=loginShell
+ by self write
+ by group="cn=admin,dc=binary-kitchen,dc=de" write
+ by users read
+ by * none
+access to dn.one="ou=people,dc=binary-kitchen,dc=de"
+ by group="cn=admin,dc=binary-kitchen,dc=de" write
+ by self read
+ by users read
+ by * none
+access to dn.one="ou=groups,dc=binary-kitchen,dc=de" attrs=memberUid
+ by group="cn=admin,dc=binary-kitchen,dc=de" write
+ by self read
+ by users read
+ by * none
 access to attrs=userPassword
 by self write
 by anonymous auth
- by * read
+ by * none
 access to attrs=loginShell
 by self write
+ by group="cn=admin,dc=binary-kitchen,dc=de" write
 by users read
- by * read
+ by * none
 access to *
 by self read
 by users read
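Review bot: The new `ou=people` `attrs=userPassword` rule grants the `write` level to `self` and to the admin group, and in slapd `write` also implies read, so every member of `cn=admin` can still retrieve the stored password hashes of all people entries. If stopping hash disclosure is the goal (the `by * read` to `by * none` lines suggest so), the privilege form is tighter: `by self =xw` and `by group="cn=admin,dc=binary-kitchen,dc=de" =w`, in both this rule and the fallback `access to attrs=userPassword` rule. That fallback rule also does not get the admin group clause that the fallback `loginShell` rule receives; if this is deliberate, a one-line comment such as `# admins may only reset passwords directly under ou=people` would record it. The `access to *` rule continues past the end of the hunk, so its final clause is not visible here.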