diff --git a/plugins/admin/users/class_userManagement.inc b/plugins/admin/users/class_userManagement.inc
index cbab10fb35ffb1d59d18e5821b8b54a4101e299a..063f76183416b58de3fddf5135c589e74caf749c 100644
--- a/plugins/admin/users/class_userManagement.inc
+++ b/plugins/admin/users/class_userManagement.inc
@@ -139,7 +139,7 @@ class userManagement extends simpleManagement
     $disallowed = array();
     $dns        = array();
     foreach ($entry as $dn) {
-      if (!preg_match('/w/', $ui->get_permissions($dn, 'user/password'))) {
+      if (!preg_match('/w/', $ui->get_permissions($dn, 'user/user', 'userPassword'))) {
         $disallowed[] = $dn;
       } else {
         $allowed[] = $dn;
diff --git a/plugins/admin/users/user-list.xml b/plugins/admin/users/user-list.xml
index 269eb6cd66a5d5fd4d02941a9aa3d42f4481e651..a81fba24dc29e3b1ca1f7c697f5987b48987777a 100644
--- a/plugins/admin/users/user-list.xml
+++ b/plugins/admin/users/user-list.xml
@@ -123,7 +123,7 @@
       <name>lockUsers</name>
       <type>entry</type>
       <image>geticon.php?context=status&amp;icon=object-locked&amp;size=16</image>
-      <acl>user/password[w]</acl>
+      <acl>user/user[userPassword:rw]</acl>
       <label>Lock users</label>
     </action>
 
@@ -131,7 +131,7 @@
       <name>unlockUsers</name>
       <type>entry</type>
       <image>geticon.php?context=status&amp;icon=object-unlocked&amp;size=16</image>
-      <acl>user/password[w]</acl>
+      <acl>user/user[userPassword:rw]</acl>
       <label>Unlock users</label>
     </action>
 
@@ -195,7 +195,7 @@
       <type>entry</type>
       <objectclass>!fdTemplate</objectclass>
       <image>%{filter:lockImage(userPassword)}</image>
-      <acl>user/password[w]</acl>
+      <acl>user/user[userPassword:rw]</acl>
       <label>%{filter:lockLabel(userPassword)}</label>
     </action>
 
diff --git a/setup/class_setupStep_Migrate.inc b/setup/class_setupStep_Migrate.inc
index 3847f75187add221b97107c543cbc85d501d3a5a..eec385b5ca386453c840767531f6227f22bc19d0 100644
--- a/setup/class_setupStep_Migrate.inc
+++ b/setup/class_setupStep_Migrate.inc
@@ -232,19 +232,19 @@ class Step_Migrate extends setupStep
         'cn'              => 'manager',
         'description'     => _('Give all rights on users in the given branch'),
         'objectclass'     => array('top', 'gosaRole'),
-        'gosaAclTemplate' => '0:user/password;cmdrw,user/user;cmdrw,user/posixAccount;cmdrw'
+        'gosaAclTemplate' => '0:user/user;cmdrw,user/posixAccount;cmdrw'
       ),
       array(
         'cn'              => 'editowninfos',
         'description'     => _('Allow users to edit their own information (main tab and posix use only on base)'),
         'objectclass'     => array('top', 'gosaRole'),
-        'gosaAclTemplate' => '0:user/posixAccount;srw,user/user;srw'
+        'gosaAclTemplate' => '0:user/user;srw,user/posixAccount;srw'
       ),
       array(
-        'cn'              => 'editowninfos',
+        'cn'              => 'editownpwd',
         'description'     => _('Allow users to edit their own password (use only on base)'),
         'objectclass'     => array('top', 'gosaRole'),
-        'gosaAclTemplate' => '0:user/password;srw'
+        'gosaAclTemplate' => '0:user/user;#userPassword;srw'
       ),
     );
   }