diff --git a/lam/docs/manual-sources/howto.xml b/lam/docs/manual-sources/howto.xml
index 8dafff50..0bef2149 100644
--- a/lam/docs/manual-sources/howto.xml
+++ b/lam/docs/manual-sources/howto.xml
@@ -5615,6 +5615,10 @@ Run slapindex to rebuild the index.
         the LDAP database. Before your users may change their settings you
         must allow them to change their LDAP data.</para>
 
+        <para>Hint: The ACLs below are not required if you decide to run all
+        operations as the LDAP bind user (option "Use for all
+        operations").</para>
+
         <para>This can be done by adding ACLs to your slapd.conf or
         slapd.d/cn=config/olcDatabase={1}bdb.ldif which look similar to
         these:</para>
@@ -5722,7 +5726,7 @@ Run slapindex to rebuild the index.
           </mediaobject>
         </screenshot>
 
-        <table>
+        <table border="0">
           <title>General options</title>
 
           <tgroup cols="2">
@@ -5730,7 +5734,15 @@ Run slapindex to rebuild the index.
               <row>
                 <entry>Server address</entry>
 
-                <entry>The address of your LDAP server</entry>
+                <entry>The address of your LDAP server. For LDAP+SSL use
+                "ldaps://myserver"</entry>
+              </row>
+
+              <row>
+                <entry>Activate TLS</entry>
+
+                <entry>Activates TLS encryption. Please note that this cannot
+                be combined with LDAP+SSL ("ldaps://").</entry>
               </row>
 
               <row>
@@ -5740,6 +5752,13 @@ Run slapindex to rebuild the index.
                 users</entry>
               </row>
 
+              <row>
+                <entry>LDAP search attribute</entry>
+
+                <entry>Here you can specify if your users can login with user
+                name + password, email + password or other attributes.</entry>
+              </row>
+
               <row>
                 <entry>LDAP user + password</entry>
 
@@ -5750,10 +5769,15 @@ Run slapindex to rebuild the index.
               </row>
 
               <row>
-                <entry>LDAP search attribute</entry>
+                <entry>Use for all operations</entry>
 
-                <entry>Here you can specify if your users can login with user
-                name + password, email + password or other attributes.</entry>
+                <entry>By default LAM will use the credentials of the user
+                that logged in to self service for read/modify operations. If
+                you select this box then the connection user specified before
+                will be used instead. Please note that this can be a security
+                risk because the user requires write access to all users. You
+                need to make sure that your LAM server is well
+                protected.</entry>
               </row>
 
               <row>
diff --git a/lam/docs/manual-sources/images/conf4.jpg b/lam/docs/manual-sources/images/conf4.jpg
index a92a885a..f32c53fc 100644
Binary files a/lam/docs/manual-sources/images/conf4.jpg and b/lam/docs/manual-sources/images/conf4.jpg differ
diff --git a/lam/help/help.inc b/lam/help/help.inc
index 0ca558c7..44831df3 100644
--- a/lam/help/help.inc
+++ b/lam/help/help.inc
@@ -225,6 +225,8 @@ $helpArray = array (
 					"Text" => _('This text is placed as label for the password field on the login page. LAM will use "Password" if you do not enter any text.')),
 				"512" => array ("Headline" => _("Additional LDAP filter"),
 					"Text" => _('Use this to enter an additional LDAP filter (e.g. "(objectClass=passwordSelfReset)") to reduce the number of accounts who may use self service.')),
+				"513" => array ("Headline" => _('Use for all operations'),
+					"Text" => _('By default all modifications are done as the user that authenticated in self service. If active then LAM will use the connection user for all LDAP modifications and searches.')),
 				"520" => array ("Headline" => _("Generate random password"),
 					"Text" => _("This will set a random password and display it on the screen or send it to the user via mail. Please edit your LAM server profile to setup the mail settings.")),
 				"550" => array ("Headline" => _("From address"),
diff --git a/lam/lib/html.inc b/lam/lib/html.inc
index 222c75db..66bb0ebc 100644
--- a/lam/lib/html.inc
+++ b/lam/lib/html.inc
@@ -250,6 +250,15 @@ class htmlTable extends htmlElement {
 		}
 	}
 	
+	/**
+	 * Adds an htmlSpacer with the given width.
+	 * 
+	 * @param String $width width (e.g. 10px)
+	 */
+	public function addSpace($width) {
+		$this->addElement(new htmlSpacer($width, null));
+	}
+	
 	/**
 	 * Prints the HTML code for this element.
 	 * 
diff --git a/lam/lib/selfService.inc b/lam/lib/selfService.inc
index 0ec9f8d1..99c01317 100644
--- a/lam/lib/selfService.inc
+++ b/lam/lib/selfService.inc
@@ -307,6 +307,9 @@ class selfServiceProfile {
 
 	/** LDAP password */
 	public $LDAPPassword;
+	
+	/** use bind user also for read/modify operations */
+	public $useForAllOperations;
 
 	/** LDAP search attribute */
 	public $searchAttribute;
@@ -364,6 +367,7 @@ class selfServiceProfile {
 		$this->LDAPSuffix = "dc=my-domain,dc=com";
 		$this->LDAPUser = "";
 		$this->LDAPPassword = "";
+		$this->useForAllOperations = false;
 		$this->searchAttribute = "uid";
 		$this->additionalLDAPFilter = '';
 		$this->httpAuthentication = false;
diff --git a/lam/templates/lib/500_lam.js b/lam/templates/lib/500_lam.js
index f11096d6..5d4a1cf3 100644
--- a/lam/templates/lib/500_lam.js
+++ b/lam/templates/lib/500_lam.js
@@ -354,6 +354,10 @@ function equalWidth(elementIDs) {
 			maxWidth = jQuery(elementIDs[i]).width();
 		};
 	}
+	if (maxWidth < 5) {
+		// no action if invalid width value (e.g. because of hidden tab)
+		return;
+	}
 	for (var i = 0; i < elementIDs.length; ++i) {
 		jQuery(elementIDs[i]).css({'width': maxWidth - (jQuery(elementIDs[i]).outerWidth() - jQuery(elementIDs[i]).width())});
 	}