Give ACL based on an LDAP filter
The point is to be able to automagically give ACL rights on a department to its manager.
Using a filter like
(&(objectClass=organizationalUnit)(manager=%dn%)) as target for an ACL assignment would answer this problem
To upload designs, you'll need to enable LFS. More information