Give ACL based on an LDAP filter

The point is to be able to automagically give ACL rights on a department to its manager. Using a filter like (&(objectClass=organizationalUnit)(manager=%dn%)) as target for an ACL assignment would answer this problem