diff --git a/ldap-server/acl_save.cgi b/ldap-server/acl_save.cgi
index 44c9b4599..a410df494 100644
--- a/ldap-server/acl_save.cgi
+++ b/ldap-server/acl_save.cgi
@@ -26,7 +26,7 @@ else {
 		$p->{'what'} = '*';
 		}
 	else {
-		$in{'what_dn'} =~ /^\S+=\S+$/ || &error($text{'eacl_edn'});
+		$in{'what_dn'} =~ /^\S+=\S.*$/ || &error($text{'eacl_edn'});
 		$p->{'what'} =
 			'dn'.($in{'what_style'} ? '.'.$in{'what_style'} : '').
 			'='.$in{'what_dn'};
@@ -53,7 +53,7 @@ else {
 		# Who are we granting
 		if ($in{"wmode_$i"} eq "other") {
 			# Other DN
-			$in{"who_$i"} =~ /^\S+=\S+$/ ||
+			$in{"who_$i"} =~ /^\S+=\S.*$/ ||
 				&error(&text('eacl_ewho', $i+1));
 			$by->{'who'} = $in{"who_$i"};
 			}
diff --git a/ldap-server/ldap-server-lib.pl b/ldap-server/ldap-server-lib.pl
index 665a0128d..d42f4baa5 100644
--- a/ldap-server/ldap-server-lib.pl
+++ b/ldap-server/ldap-server-lib.pl
@@ -486,7 +486,12 @@ sub store_ldap_access
 {
 local ($a, $p) = @_;
 local @v = ( 'to' );
-push(@v, $p->{'what'});
+if ($p->{'what'} =~ /^\S+$/) {
+	push(@v, $p->{'what'});
+	}
+else {
+	push(@v, "\"$p->{'what'}\"");
+	}
 if ($p->{'filter'}) {
 	push(@v, "filter=$p->{'filter'}");
 	}
@@ -495,7 +500,12 @@ if ($p->{'attrs'}) {
 	}
 foreach my $b (@{$p->{'by'}}) {
 	push(@v, "by");
-	push(@v, $b->{'who'});
+	if ($b->{'who'} =~ /^\S+$/) {
+		push(@v, $b->{'who'});
+		}
+	else {
+		push(@v, "\"$b->{'who'}\"");
+		}
 	push(@v, $b->{'access'});
 	push(@v, @{$b->{'control'}});
 	}