diff --git a/lam/docs/modules-specification.htm b/lam/docs/modules-specification.htm
index a4afad91..feec1198 100644
--- a/lam/docs/modules-specification.htm
+++ b/lam/docs/modules-specification.htm
@@ -108,16 +108,20 @@ quota module is no base module as it needs posixAccount.<br>
   </tbody>
 </table>
 <br>
-Returns a string that can be used as part of a LDAP filter. Usually
+Returns an array('or' =&gt; '...', 'and' =&gt; '...') that is used to
+build the LDAP filter. Usually
 used to filter object classes.<br>
 <span style="font-weight: bold;">$scope</span> is the account type
 ("user", "group", "host" at this time).<br>
 <br>
-All filter parts of the base modules are combined with OR and used to
-find the accounts for the lists.<br>
+All "or" filter parts of the base modules are combined with OR and then
+combined with the "and" parts.<br>
+The resulting LDAP filter will look like this:
+(&amp;(|(OR1)(OR2)(OR3))(AND1)(AND2)(AND3))<br>
 <br>
 <span style="font-weight: bold;">Example: <span
- style="font-style: italic;">return "(objectClass=posixAccount)"</span></span><br>
+ style="font-style: italic;">return "('or' =&gt;
+'objectClass=posixAccount', 'and' =&gt; '(!(uid=*$))')"</span></span><br>
 <br>
 <span style="font-weight: bold; color: rgb(255, 0, 0);">This function
 is only used for base modules. Standard modules do not need to
@@ -314,12 +318,13 @@ If no errors occured the function returns an empty array.<span
 This function is called when a PDF is to be created.<br>
 <span style="font-weight: bold;">$scope</span> is the account type
 ("user", "group", "host" at this time).<br>
-It returns the fields which are printed in the PDF file for the specified 
-account type. At the monent there is no (easy) possibility for the user to 
-decide which fields are to be displayed. Perhaps there will be a PDF config 
-tool in future releases where you can offer the user to decide which fields are 
-to be displayed on the PDF file. The format of the array to be returned is 
-described in section 5. "PDF syntax".<br>
+It returns the fields which are printed in the PDF file for the
+specified account type. At the monent there is no (easy) possibility
+for the user to decide which fields are to be displayed. Perhaps there
+will be a PDF config tool in future releases where you can offer the
+user to decide which fields are to be displayed on the PDF file. The
+format of the array to be returned is described in section 5. "PDF
+syntax".<br>
 <br>
 <h3><br>
 </h3>
diff --git a/lam/lib/modules.inc b/lam/lib/modules.inc
index 9b71dd2c..745d8502 100644
--- a/lam/lib/modules.inc
+++ b/lam/lib/modules.inc
@@ -37,7 +37,7 @@ while ($stay<7) {
 	if (is_dir($relative.'lib/modules')) {
 		$dir = opendir($relative.'lib/modules');
 		while ($entry = readdir($dir))
-			if (is_file($relative.'lib/modules/'.$entry)) include_once ($relative.'lib/modules/'.$entry);
+			if ((substr($entry, strlen($entry) - 4, 4) == '.inc') && is_file($relative.'lib/modules/'.$entry)) include_once ($relative.'lib/modules/'.$entry);
 		$stay=10;
 		}
 	else {
@@ -66,17 +66,26 @@ function is_base_module($name, $scope) {
 function get_ldap_filter($scope) {
 	$mods = getAvailableModules($scope);
 	$filters = array();
+	$orFilter = '';
 	for ($i = 0; $i < sizeof($mods); $i++) {
 		if (is_base_module($mods[$i], $scope)) {
-			$filters[] = call_user_func(array($mods[$i], "get_ldap_filter"), $scope);
+			$modinfo = call_user_func(array($mods[$i], "get_ldap_filter"), $scope);
+			if (isset($modinfo['or'])) $filters['or'][] = $modinfo['or'];
+			if (isset($modinfo['and'])) $filters['and'][] = $modinfo['and'];
 		}
 	}
-	if (sizeof($filters) < 2) {
-		return $filters[0];
+	// build OR filter
+	if (sizeof($filters['or']) == 1) {
+		$orFilter = $filters['or'][0];
 	}
-	else {
-		return "(&" . implode("", $filters) . ")";
+	elseif (sizeof($filters['or']) > 1) {
+		$orFilter = "(|" . implode("", $filters['or']) . ")";
 	}
+	// add built OR filter to AND filters
+	if ($orFilter != '') $filters['and'][] = $orFilter;
+	// collapse AND filters
+	if (sizeof($filters['and']) < 2) return $filters['and'][0];
+	else return "(&" . implode("", $filters['and']) . ")";
 }
 
 // returns a hash array (module name => dependencies) of all user module dependencies
@@ -85,15 +94,12 @@ function get_ldap_filter($scope) {
 // the elements of conflicts are module names
 // $scope: user, group, host, ....
 function getModulesDependencies($scope) {
-	global $relative;
-	// get module names.
-	$dir = opendir($relative . 'lib/modules');
-	while ($entry = readdir($dir))
-		if (is_file($relative . 'lib/modules/'.$entry)) {
-			$entry = substr($entry, 0, strpos($entry, '.'));
-			$deps = call_user_func(array($entry, "get_dependencies"), $scope);
-			if ($deps != -1) $return[$entry] = $deps;
-			}
+	$mods = getAvailableModules($scope);
+	$deps = array();
+	for ($i = 0; $i < sizeof($mods); $i++) {
+		$deps = call_user_func(array($mods[$i], "get_dependencies"), $scope);
+		if ($deps != -1) $return[$mods[$i]] = $deps;
+	}
 	return $return;
 	}
 
@@ -162,7 +168,7 @@ function getAvailableModules($scope) {
 	// get module names.
 	$dir = opendir($relative . 'lib/modules');
 	while ($entry = readdir($dir))
-		if (is_file($relative . 'lib/modules/'.$entry)) {
+		if ((substr($entry, strlen($entry) - 4, 4) == '.inc') && is_file($relative . 'lib/modules/'.$entry)) {
 			$entry = substr($entry, 0, strpos($entry, '.'));
 			if (call_user_func(array($entry, "can_manage"), $scope)) $return[] = $entry;
 		}
diff --git a/lam/lib/modules/account.inc b/lam/lib/modules/account.inc
index 7db5c775..8064ae85 100644
--- a/lam/lib/modules/account.inc
+++ b/lam/lib/modules/account.inc
@@ -79,7 +79,7 @@ class account {
 	/* This function returns a list with all required modules
 	*/
 	function get_dependencies($scope) {
-		if ($scope=='host') return array('require' => array('main'), 'conflict' => array('inetOrgPerson', 'posixGroup', 'sambaDomain') );
+		if ($scope=='host') return array('depends' => array(), 'conflicts' => array('inetOrgPerson', 'posixGroup', 'sambaDomain') );
 		return -1;
 		}
 
diff --git a/lam/lib/modules/inetOrgPerson.inc b/lam/lib/modules/inetOrgPerson.inc
index 2f781c37..3106556b 100644
--- a/lam/lib/modules/inetOrgPerson.inc
+++ b/lam/lib/modules/inetOrgPerson.inc
@@ -82,7 +82,7 @@ class inetOrgPerson {
 	/* This function returns a list with all required modules
 	*/
 	function get_dependencies($scope) {
-		if ($scope=='user') return array('require' => array('main', 'posixAccount'), 'conflict' => array('account', 'posixGroup', 'sambaDomain') );
+		if ($scope=='user') return array('depends' => array('posixAccount'), 'conflicts' => array('account', 'posixGroup', 'sambaDomain') );
 		return -1;
 		}
 
diff --git a/lam/lib/modules/main.inc b/lam/lib/modules/main.inc
index 203c8664..50e03fe2 100644
--- a/lam/lib/modules/main.inc
+++ b/lam/lib/modules/main.inc
@@ -78,7 +78,7 @@ class main {
 	/* This function returns a list with all required modules
 	*/
 	function get_dependencies($scope) {
-		return array('require' => array(), 'conflict' => array() );
+		return array('depends' => array(), 'conflicts' => array() );
 		}
 
 	function module_ready() {
diff --git a/lam/lib/modules/posixAccount.inc b/lam/lib/modules/posixAccount.inc
index 500799e3..88e129ff 100644
--- a/lam/lib/modules/posixAccount.inc
+++ b/lam/lib/modules/posixAccount.inc
@@ -140,20 +140,22 @@ class posixAccount {
 	}
 
 	function is_base_module($scope) {
-		return true;
+		if ($scope == "user") return true;
+		else return false;
 	}
 
 	// returns an LDAP filter for the account lists
 	// $scope: the account type ("user", "group", "host")
 	function get_ldap_filter($scope) {
-		return "(objectClass=posixAccount)";
+		if ($scope == "user") return array('or' => "(objectClass=posixAccount)", 'and' => "(!(uid=*$))");
+		else return false;
 	}
 
 	/* This function returns a list with all required modules
 	*/
 	function get_dependencies($scope) {
-		if ($scope=='host') return array('require' => array('account'), 'conflict' => array() );
-		if ($scope=='user') return array('require' => array('inetOrgPerson'), 'conflict' => array() );
+		if ($scope=='host') return array('depends' => array('account'), 'conflicts' => array() );
+		if ($scope=='user') return array('depends' => array('inetOrgPerson'), 'conflicts' => array() );
 		return -1;
 		}
 
diff --git a/lam/lib/modules/posixGroup.inc b/lam/lib/modules/posixGroup.inc
index 21d28f96..90b33caa 100644
--- a/lam/lib/modules/posixGroup.inc
+++ b/lam/lib/modules/posixGroup.inc
@@ -135,13 +135,14 @@ class posixGroup {
 	// returns an LDAP filter for the account lists
 	// $scope: the account type ("user", "group", "host")
 	function get_ldap_filter($scope) {
-		return "(objectClass=posixGroup)";
+		if ($scope == "group") return array('or' => "(objectClass=posixGroup)");
+		else return false;
 	}
 
 	/* This function returns a list with all required modules
 	*/
 	function get_dependencies($scope) {
-		if ($scope=='group') return array('require' => array('main'), 'conflict' => array('inetOrgPerson', 'account', 'sambaDomain') );
+		if ($scope=='group') return array('depends' => array(), 'conflicts' => array('inetOrgPerson', 'account', 'sambaDomain') );
 		return -1;
 		}
 
diff --git a/lam/lib/modules/quota.inc b/lam/lib/modules/quota.inc
index d5bd0311..f0931210 100644
--- a/lam/lib/modules/quota.inc
+++ b/lam/lib/modules/quota.inc
@@ -84,8 +84,8 @@ class quota {
 	/* This function returns a list with all required modules
 	*/
 	function get_dependencies($scope) {
-		if ($scope=='group') return array('require' => array('posixGroup'), 'conflict' => array() );
-		if ($scope=='user') return array('require' => array('posixAccount'), 'conflict' => array() );
+		if ($scope=='group') return array('depends' => array('posixGroup'), 'conflicts' => array() );
+		if ($scope=='user') return array('depends' => array('posixAccount'), 'conflicts' => array() );
 		return -1;
 		}
 
diff --git a/lam/lib/modules/sambaAccount.inc b/lam/lib/modules/sambaAccount.inc
index 997d14b4..21a98598 100644
--- a/lam/lib/modules/sambaAccount.inc
+++ b/lam/lib/modules/sambaAccount.inc
@@ -133,14 +133,22 @@ class sambaAccount {
 	}
 
 	function is_base_module($scope) {
-		return false;
+		if ($scope == "host") return true;
+		else return false;
+	}
+
+	// returns an LDAP filter for the account lists
+	// $scope: the account type ("user", "group", "host")
+	function get_ldap_filter($scope) {
+		if ($scope == "host") return array('and' => '(uid=*$)', 'or' => "(objectClass=posixAccount)");
+		else return false;
 	}
 
 	/* This function returns a list with all required modules
 	*/
 	function get_dependencies($scope) {
-		if ($scope=='host') return array('require' => array('account'), 'conflict' => array() );
-		if ($scope=='user') return array('require' => array('inetOrgPerson'), 'conflict' => array() );
+		if ($scope=='host') return array('depends' => array('account'), 'conflicts' => array() );
+		if ($scope=='user') return array('depends' => array('inetOrgPerson'), 'conflicts' => array() );
 		return -1;
 		}
 
diff --git a/lam/lib/modules/sambaGroupMapping.inc b/lam/lib/modules/sambaGroupMapping.inc
index e6e22c75..ebf110cb 100644
--- a/lam/lib/modules/sambaGroupMapping.inc
+++ b/lam/lib/modules/sambaGroupMapping.inc
@@ -109,7 +109,7 @@ class sambaGroupMapping {
 	/* This function returns a list with all required modules
 	*/
 	function get_dependencies($scope) {
-		if ($scope=='group') return array('require' => array('posixGroup'), 'conflict' => array() );
+		if ($scope=='group') return array('depends' => array('posixGroup'), 'conflicts' => array() );
 		return -1;
 		}
 
diff --git a/lam/lib/modules/sambaSamAccount.inc b/lam/lib/modules/sambaSamAccount.inc
index 2894a485..42c82566 100644
--- a/lam/lib/modules/sambaSamAccount.inc
+++ b/lam/lib/modules/sambaSamAccount.inc
@@ -133,14 +133,22 @@ class sambaSamAccount {
 	}
 
 		function is_base_module($scope) {
-		return false;
+		if ($scope == "host") return true;
+		else return false;
+	}
+
+	// returns an LDAP filter for the account lists
+	// $scope: the account type ("user", "group", "host")
+	function get_ldap_filter($scope) {
+		if ($scope == "host") return array('and' => '(uid=*$)', 'or' => "(objectClass=posixAccount)");
+		else return false;
 	}
 
 /* This function returns a list with all required modules
 	*/
 	function get_dependencies($scope) {
-		if ($scope=='host') return array('require' => array('posixAccount'), 'conflict' => array() );
-		if ($scope=='user') return array('require' => array('posixAccount'), 'conflict' => array() );
+		if ($scope=='host') return array('depends' => array('posixAccount'), 'conflicts' => array() );
+		if ($scope=='user') return array('depends' => array('posixAccount'), 'conflicts' => array() );
 		return -1;
 		}
 
diff --git a/lam/lib/modules/shadowAccount.inc b/lam/lib/modules/shadowAccount.inc
index cb767864..21b28487 100644
--- a/lam/lib/modules/shadowAccount.inc
+++ b/lam/lib/modules/shadowAccount.inc
@@ -103,7 +103,7 @@ class shadowAccount {
 	/* This function returns a list with all required modules
 	*/
 	function get_dependencies($scope) {
-		if ($scope=='user') return array('require' => array('inetOrgPerson'), 'conflict' => array() );
+		if ($scope=='user') return array('depends' => array('inetOrgPerson'), 'conflicts' => array() );
 		return -1;
 		}