diff --git a/acl-data.ldif b/acl-data.ldif
index d8d1678..f59ce1a 100644
--- a/acl-data.ldif
+++ b/acl-data.ldif
@@ -3,101 +3,65 @@ changetype: modify
 replace: olcAccess
 olcAccess: to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
+ by dn.regex="cn=.+,ou=Robots,c=.+" read
  by * break
-olcAccess: to attrs=userPassword
+olcAccess: to attrs=userPassword,sambaNTPassword,sambaLMPassword
  by self write
  by anonymous auth
  by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
-olcAccess: to dn.base="c=au"
+olcAccess: to dn.regex="^c=.+$"
  by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
  by * read
-olcAccess: to dn.regex="o=(.*),c=(.*)$" attrs=wsAccountContact
- by dnattr=wsAccountOwner read
+olcAccess: to dn.regex="c=.+$"
+ by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
+ by * break
+olcAccess: to dn.regex="^o=.+,c=.+$"
+ by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
+ by * read
+olcAccess: to dn.regex="o=.+,c=.+$" attrs=wsAccountContact
+ by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
  by self write
+ by dnattr=wsAccountOwner read
  by anonymous auth
- by dnattr=wsAccountOwner read
  by * read
-olcAccess: to dn.regex="^o=(.*),c=(.*)$"
- by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
- by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" read
- by group/groupOfNames/member.expand="cn=People,ou=Admin,o=$1,c=$2" read
- by dn.regex="cn=.*,ou=People,o=$1,c=$2" read
- by dn.regex="cn=.*,ou=Robots,c=AU" read
- by * read
-olcAccess: to dn.regex="ou=(People|Customers),o=(.*),c=(.*)$" attrs=mail,uid
+olcAccess: to dn.regex="ou=(People|Customers|Applications|BBS),o=(.+),c=(.+)$" attrs=mail,uid,cn,givenName,sn
  by self write
- by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
  by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" write
  by group/groupOfNames/member.expand="cn=People,ou=Admin,o=$1,c=$2" write
- by dn.regex="cn=.*,ou=Robots,c=AU" read
  by * search
-olcAccess: to dn.regex="ou=(People|Customers),o=(.*),c=(.*)$" attrs=shadowLastChange
+olcAccess: to dn.regex="ou=(People|Customers|Applications|BBS),o=(.+),c=(.+)$" attrs=mailRoutingAddress,mailHost,entry,entryuuid
  by self write
- by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
- by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" write
- by group/groupOfNames/member.expand="cn=People,ou=Admin,o=$1,c=$2" write
- by dn.regex="cn=.*,ou=Robots,c=AU" read
-olcAccess: to dn.regex="ou=(People|Customers|Applications),o=(.*),c=(. *)$" attrs=mail,uid,mailRoutingAddress,mailHost,entry
- by self write
- by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
  by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" write
  by group/groupOfNames/member.expand="cn=People,ou=Admin,o=$1,c=$2" write
  by * read
-olcAccess: to dn.regex="ou=People,o=(.*),c=(.*)$"
+olcAccess: to dn.regex="ou=(People|Customers),o=(.+),c=(.+)$" attrs=shadowLastChange
+ by self write
+ by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" write
+ by group/groupOfNames/member.expand="cn=People,ou=Admin,o=$1,c=$2" write
+olcAccess: to dn.regex="ou=People,o=(.+),c=(.+)$"
  by self write
- by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
  by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" write
  by group/groupOfNames/member.expand="cn=People,ou=Admin,o=$1,c=$2" write
- by dn.regex="cn=.*,ou=People,o=$1,c=$2" read
- by dn.regex="cn=.*,ou=Robots,c=AU" read
  by * read
-olcAccess: to dn.regex="ou=(Customers|Groups),o=(.*),c=(.*)$"
+olcAccess: to dn.regex="ou=(Applications|Customers|BBS|Groups),o=(.+),c=(.+)$"
  by self write
- by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
  by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" write
  by group/groupOfNames/member.expand="cn=People,ou=Admin,o=$1,c=$2" write
- by dn.regex="cn=.*,ou=Robots,c=AU" read
-olcAccess: to dn.regex="ou=Applications,o=(.*),c=(.*)$"
- by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
- by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" write
- by group/groupOfNames/member.expand="cn=People,ou=Admin,o=$1,c=$2" read
+ by dnattr=wsAccountOwner read
  by dnattr=uniqueMember read
- by dn.regex="cn=.*,ou=Robots,c=AU" read
-olcAccess: to dn.regex="ou=DNS,o=(.*),c=(.*)$"
- by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
- by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" write
- by group/groupOfNames/member.expand="cn=Management,ou=Admin,o=$1,c=$2" read
- by dn.regex="cn=.*,ou=Robots,c=AU" read
-olcAccess: to dn.regex="ou=DSL,o=(.*),c=(.*)$"
- by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
+ by * search
+olcAccess: to dn.regex="ou=(DNS|Hosts|Network),o=(.+),c=(.+)$"
  by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" write
  by group/groupOfNames/member.expand="cn=Management,ou=Admin,o=$1,c=$2" read
  by dnattr=wsAccountOwner read
- by dn.regex="cn=.*,ou=Robots,c=AU" read
-olcAccess: to dn.regex="ou=Hosts,o=(.*),c=(.*)$"
- by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
- by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" write
- by group/groupOfNames/member.expand="cn=People,ou=Admin,o=$1,c=$2" read
- by dn.regex="cn=.*,ou=Robots,c=AU" read
-olcAccess: to dn.regex="ou=Network,o=(.*),c=(.*)$"
- by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
- by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" write
- by group/groupOfNames/member.expand="cn=Management,ou=Admin,o=$1,c=$2" read
- by dn.regex="cn=.*,ou=Robots,c=AU" read
-olcAccess: to dn.regex="ou=(.*),o=(.*),c=(.*)$" attrs=uniqueMember,member
+ by * search
+olcAccess: to dn.regex="ou=.+,o=(.+),c=(.+)$" attrs=uniqueMember,member
  by self write
- by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
  by group/groupOfNames/member.exact="cn=admin internal,ou=groups,c=au" write
- by group/groupOfNames/member.expand="cn=People,ou=Admin,o=$2,c=$3" write
+ by group/groupOfNames/member.expand="cn=People,ou=Admin,o=$1,c=$2" write
  by dnattr=uniqueMember read
- by dn.regex="cn=.*,ou=Robots,c=AU" read
-olcAccess: to dn.regex="ou=(.*),o=(.*),c=(.*)$"
- by self write
- by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
- by dn.regex="cn=.*,ou=Robots,c=AU" read
  by dnattr=wsAccountOwner read
 olcAccess: to *
- by group/groupOfNames/member.exact="cn=admin,ou=groups,c=au" write
  by * search
- replace: olcAddContentAcl
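Review bot: The `by dn.regex="cn=.+,ou=Robots,c=.+" read` clause added to the leading `to *` rule gives every Robot bind read access to every attribute of every entry, including the `userPassword`, `sambaNTPassword` and `sambaLMPassword` hashes that the very next rule is supposed to restrict. slapd stops at the first `to` rule that matches the target and the first `by` clause in it that matches the requester unless that clause carries `break`; the new clause has none, so a Robot DN never reaches the password rule, whereas the removed per-subtree `dn.regex="cn=.*,ou=Robots,c=AU" read` clauses never covered the password attributes at all. NT and LM hashes are directly usable for authentication against SMB services, so this is a credential disclosure to every robot account rather than merely a broader read. Keep the first rule as the root peercred `manage` plus `by * break`, and grant the robot read in a separate rule placed after the password-attribute rule, e.g. `olcAccess: to *` / ` by dn.regex="^cn=[^,]+,ou=Robots,c=[^,]+$" read` / ` by * break`, which also anchors the pattern (an unanchored `dn.regex` matches anywhere in the DN). The new `by * search` clauses on the `Applications|Customers|BBS|Groups` and `DNS|Hosts|Network` subtrees additionally let anonymous binds probe those entries with search filters, which the old rules did not allow, and should be confirmed as intentional.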