diff --git a/apps/user_ldap/lib/access.php b/apps/user_ldap/lib/access.php
index f75a78bcb0..6177693c48 100644
--- a/apps/user_ldap/lib/access.php
+++ b/apps/user_ldap/lib/access.php
@@ -831,7 +831,7 @@ class Access extends LDAPUtility {
 	private function combineFilter($filters, $operator) {
 		$combinedFilter = '('.$operator;
 		foreach($filters as $filter) {
-		    if($filter[0] !== '(') {
+		    if(!empty($filter) && $filter[0] !== '(') {
 				$filter = '('.$filter.')';
 		    }
 		    $combinedFilter.=$filter;
diff --git a/apps/user_ldap/lib/configuration.php b/apps/user_ldap/lib/configuration.php
new file mode 100644
index 0000000000..e9e494c2f6
--- /dev/null
+++ b/apps/user_ldap/lib/configuration.php
@@ -0,0 +1,352 @@
+<?php
+
+/**
+ * ownCloud – LDAP Connection
+ *
+ * @author Arthur Schiwon
+ * @copyright 2012, 2013 Arthur Schiwon blizzz@owncloud.com
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public
+ * License along with this library.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OCA\user_ldap\lib;
+
+class Configuration {
+
+	protected $configPrefix = null;
+	protected $configRead = false;
+
+	//settings
+	protected $config = array(
+		'ldapHost' => null,
+		'ldapPort' => null,
+		'ldapBackupHost' => null,
+		'ldapBackupPort' => null,
+		'ldapBase' => null,
+		'ldapBaseUsers' => null,
+		'ldapBaseGroups' => null,
+		'ldapAgentName' => null,
+		'ldapAgentPassword' => null,
+		'ldapTLS' => null,
+		'ldapNoCase' => null,
+		'turnOffCertCheck' => null,
+		'ldapIgnoreNamingRules' => null,
+		'ldapUserDisplayName' => null,
+		'ldapUserFilter' => null,
+		'ldapGroupFilter' => null,
+		'ldapGroupDisplayName' => null,
+		'ldapGroupMemberAssocAttr' => null,
+		'ldapLoginFilter' => null,
+		'ldapQuotaAttribute' => null,
+		'ldapQuotaDefault' => null,
+		'ldapEmailAttribute' => null,
+		'ldapCacheTTL' => null,
+		'ldapUuidAttribute' => 'auto',
+		'ldapOverrideUuidAttribute' => null,
+		'ldapOverrideMainServer' => false,
+		'ldapConfigurationActive' => false,
+		'ldapAttributesForUserSearch' => null,
+		'ldapAttributesForGroupSearch' => null,
+		'homeFolderNamingRule' => null,
+		'hasPagedResultSupport' => false,
+		'ldapExpertUsernameAttr' => null,
+		'ldapExpertUUIDAttr' => null,
+	);
+
+	public function __construct($configPrefix, $autoread = true) {
+		$this->configPrefix = $configPrefix;
+		if($autoread) {
+			$this->readConfiguration();
+		}
+	}
+
+	public function __get($name) {
+		if(isset($this->config[$name])) {
+			return $this->config[$name];
+		}
+	}
+
+	public function __set($name, $value) {
+		$this->setConfiguration(array($name => $value));
+	}
+
+	public function getConfiguration() {
+		return $this->config;
+	}
+
+	/**
+	 * @brief set LDAP configuration with values delivered by an array, not read
+	 * from configuration. It does not save the configuration! To do so, you
+	 * must call saveConfiguration afterwards.
+	 * @param $config array that holds the config parameters in an associated
+	 * array
+	 * @param &$applied optional; array where the set fields will be given to
+	 * @return null
+	 */
+	public function setConfiguration($config, &$applied = null) {
+		if(!is_array($config)) {
+			return false;
+		}
+
+		$cta = $this->getConfigTranslationArray();
+		foreach($config as $inputkey => $val) {
+			if(strpos($inputkey, '_') !== false && isset($cta[$inputkey])) {
+				$key = $cta[$inputkey];
+			} elseif(isset($this->config[$inputkey])) {
+				$key = $inputkey;
+			} else {
+				continue;
+			}
+
+			$setMethod = 'setValue';
+			switch($key) {
+				case 'homeFolderNamingRule':
+					if(!empty($val) && strpos($val, 'attr:') === false) {
+						$val = 'attr:'.$val;
+					}
+				case 'ldapBase':
+				case 'ldapBaseUsers':
+				case 'ldapBaseGroups':
+				case 'ldapAttributesForUserSearch':
+				case 'ldapAttributesForGroupSearch':
+					$setMethod = 'setMultiLine';
+				default:
+					$this->$setMethod($key, $val);
+					if(is_array($applied)) {
+						$applied[] = $inputkey;
+					}
+			}
+		}
+
+	}
+
+	public function readConfiguration() {
+		if(!$this->configRead && !is_null($this->configPrefix)) {
+			$cta = array_flip($this->getConfigTranslationArray());
+			foreach($this->config as $key => $val) {
+// 				if($this->configPrefix == 's04') var_dump($key);
+				if(!isset($cta[$key])) {
+					//some are determined
+					continue;
+				}
+				$dbkey = $cta[$key];
+// 				if($this->configPrefix == 's04') var_dump($dbkey);
+				switch($key) {
+					case 'ldapBase':
+					case 'ldapBaseUsers':
+					case 'ldapBaseGroups':
+					case 'ldapAttributesForUserSearch':
+					case 'ldapAttributesForGroupSearch':
+						$readMethod = 'getMultiLine';
+						break;
+					case 'ldapIgnoreNamingRules':
+						$readMethod = 'getSystemValue';
+						$dbkey = $key;
+						break;
+					case 'ldapAgentPassword':
+						$readMethod = 'getPwd';
+						break;
+					case 'ldapUserDisplayName':
+					case 'ldapGroupDisplayName':
+						$readMethod = 'getLcValue';
+						break;
+					default:
+						$readMethod = 'getValue';
+						break;
+				}
+// 				if($this->configPrefix == 's04') var_dump($readMethod);
+				$this->config[$key] = $this->$readMethod($dbkey);
+			}
+			$this->configRead = true;
+		}
+		if($this->configPrefix == 's03') {
+// 			var_dump($this->config);
+
+// 			die;
+		}
+	}
+
+	/**
+	 * @brief saves the current Configuration in the database
+	 */
+	public function saveConfiguration() {
+		$cta = array_flip($this->getConfigTranslationArray());
+		foreach($this->config as $key => $value) {
+			switch ($key) {
+				case 'ldapAgentPassword':
+					$value = base64_encode($value);
+					break;
+				case 'ldapBase':
+				case 'ldapBaseUsers':
+				case 'ldapBaseGroups':
+				case 'ldapAttributesForUserSearch':
+				case 'ldapAttributesForGroupSearch':
+					if(is_array($value)) {
+						$value = implode("\n", $value);
+					}
+					break;
+				//following options are not stored but detected, skip them
+				case 'ldapIgnoreNamingRules':
+				case 'ldapOverrideUuidAttribute':
+				case 'hasPagedResultSupport':
+					continue 2;
+			}
+			if(is_null($value)) {
+				$value = '';
+			}
+			$this->saveValue($cta[$key], $value);
+		}
+	}
+
+	protected function getMultiLine($varname) {
+		$value = $this->getValue($varname);
+		if(empty($value)) {
+			$value = '';
+		} else {
+			$value = preg_split('/\r\n|\r|\n/', $value);
+		}
+
+		return $value;
+	}
+
+	protected function setMultiLine($varname, $value) {
+		if(empty($value)) {
+			$value = '';
+		} else {
+			$value = preg_split('/\r\n|\r|\n/', $value);
+		}
+
+		$this->setValue($varname, $value);
+	}
+
+	protected function getPwd($varname) {
+		return base64_decode($this->getValue($varname));
+	}
+
+	protected function getLcValue($varname) {
+		return mb_strtolower($this->getValue($varname), 'UTF-8');
+	}
+
+	protected function getSystemValue($varname) {
+		//FIXME: if another system value is added, softcode the default value
+		return \OCP\Config::getSystemValue($varname, false);
+	}
+
+	protected function getValue($varname) {
+		static $defaults;
+		if(is_null($defaults)) {
+			$defaults = $this->getDefaults();
+		}
+// 		if($this->configPrefix == 's04') var_dump($this->configPrefix.$varname);
+// 		if(0 == $this->configKeyToDBKey($varname)) {
+// 			var_dump($varname);
+// 			print("<pre>");
+// 			debug_print_backtrace(); die;
+// 		}
+		return \OCP\Config::getAppValue('user_ldap',
+										$this->configPrefix.$varname,
+										$defaults[$varname]);
+	}
+
+	protected function setValue($varname, $value) {
+		$this->config[$varname] = $value;
+	}
+
+	protected function saveValue($varname, $value) {
+		return \OCP\Config::setAppValue('user_ldap',
+										$this->configPrefix.$varname,
+										$value);
+	}
+
+	/**
+	 * @returns an associative array with the default values. Keys are correspond
+	 * to config-value entries in the database table
+	 */
+	public function getDefaults() {
+		return array(
+			'ldap_host'							=> '',
+			'ldap_port'							=> '389',
+			'ldap_backup_host'					=> '',
+			'ldap_backup_port'					=> '',
+			'ldap_override_main_server'			=> '',
+			'ldap_dn'							=> '',
+			'ldap_agent_password'				=> '',
+			'ldap_base'							=> '',
+			'ldap_base_users'					=> '',
+			'ldap_base_groups'					=> '',
+			'ldap_userlist_filter'				=> 'objectClass=person',
+			'ldap_login_filter'					=> 'uid=%uid',
+			'ldap_group_filter'					=> 'objectClass=posixGroup',
+			'ldap_display_name'					=> 'cn',
+			'ldap_group_display_name'			=> 'cn',
+			'ldap_tls'							=> 1,
+			'ldap_nocase'						=> 0,
+			'ldap_quota_def'					=> '',
+			'ldap_quota_attr'					=> '',
+			'ldap_email_attr'					=> '',
+			'ldap_group_member_assoc_attribute'	=> 'uniqueMember',
+			'ldap_cache_ttl'					=> 600,
+			'ldap_uuid_attribute'				=> 'auto',
+			'ldap_override_uuid_attribute'		=> 0,
+			'home_folder_naming_rule'			=> '',
+			'ldap_turn_off_cert_check'			=> 0,
+			'ldap_configuration_active'			=> 1,
+			'ldap_attributes_for_user_search'	=> '',
+			'ldap_attributes_for_group_search'	=> '',
+			'ldap_expert_username_attr'			=> '',
+			'ldap_expert_uuid_attr'				=> '',
+		);
+	}
+
+	/**
+	 * @return returns an array that maps internal variable names to database fields
+	 */
+	public function getConfigTranslationArray() {
+		//TODO: merge them into one representation
+		static $array = array(
+			'ldap_host'							=> 'ldapHost',
+			'ldap_port'							=> 'ldapPort',
+			'ldap_backup_host'					=> 'ldapBackupHost',
+			'ldap_backup_port'					=> 'ldapBackupPort',
+			'ldap_override_main_server' 		=> 'ldapOverrideMainServer',
+			'ldap_dn'							=> 'ldapAgentName',
+			'ldap_agent_password'				=> 'ldapAgentPassword',
+			'ldap_base'							=> 'ldapBase',
+			'ldap_base_users'					=> 'ldapBaseUsers',
+			'ldap_base_groups'					=> 'ldapBaseGroups',
+			'ldap_userlist_filter'				=> 'ldapUserFilter',
+			'ldap_login_filter'					=> 'ldapLoginFilter',
+			'ldap_group_filter'					=> 'ldapGroupFilter',
+			'ldap_display_name'					=> 'ldapUserDisplayName',
+			'ldap_group_display_name'			=> 'ldapGroupDisplayName',
+			'ldap_tls'							=> 'ldapTLS',
+			'ldap_nocase'						=> 'ldapNoCase',
+			'ldap_quota_def'					=> 'ldapQuotaDefault',
+			'ldap_quota_attr'					=> 'ldapQuotaAttribute',
+			'ldap_email_attr'					=> 'ldapEmailAttribute',
+			'ldap_group_member_assoc_attribute'	=> 'ldapGroupMemberAssocAttr',
+			'ldap_cache_ttl'					=> 'ldapCacheTTL',
+			'home_folder_naming_rule' 			=> 'homeFolderNamingRule',
+			'ldap_turn_off_cert_check' 			=> 'turnOffCertCheck',
+			'ldap_configuration_active' 		=> 'ldapConfigurationActive',
+			'ldap_attributes_for_user_search' 	=> 'ldapAttributesForUserSearch',
+			'ldap_attributes_for_group_search'	=> 'ldapAttributesForGroupSearch',
+			'ldap_expert_username_attr' 		=> 'ldapExpertUsernameAttr',
+			'ldap_expert_uuid_attr' 			=> 'ldapExpertUUIDAttr',
+		);
+		return $array;
+	}
+
+}
\ No newline at end of file
diff --git a/apps/user_ldap/lib/connection.php b/apps/user_ldap/lib/connection.php
index 468f4b004b..981d792325 100644
--- a/apps/user_ldap/lib/connection.php
+++ b/apps/user_ldap/lib/connection.php
@@ -31,48 +31,15 @@ class Connection extends LDAPUtility {
 
 	//whether connection should be kept on __destruct
 	private $dontDestruct = false;
+	private $hasPagedResultSupport = true;
 
 	//cache handler
 	protected $cache;
 
-	//settings
-	protected $config = array(
-		'ldapHost' => null,
-		'ldapPort' => null,
-		'ldapBackupHost' => null,
-		'ldapBackupPort' => null,
-		'ldapBase' => null,
-		'ldapBaseUsers' => null,
-		'ldapBaseGroups' => null,
-		'ldapAgentName' => null,
-		'ldapAgentPassword' => null,
-		'ldapTLS' => null,
-		'ldapNoCase' => null,
-		'turnOffCertCheck' => null,
-		'ldapIgnoreNamingRules' => null,
-		'ldapUserDisplayName' => null,
-		'ldapUserFilter' => null,
-		'ldapGroupFilter' => null,
-		'ldapGroupDisplayName' => null,
-		'ldapGroupMemberAssocAttr' => null,
-		'ldapLoginFilter' => null,
-		'ldapQuotaAttribute' => null,
-		'ldapQuotaDefault' => null,
-		'ldapEmailAttribute' => null,
-		'ldapCacheTTL' => null,
-		'ldapUuidUserAttribute' => 'auto',
+	//settings handler
+	protected $configuration;
 		'ldapUuidGroupAttribute' => 'auto',
-		'ldapOverrideUuidAttribute' => null,
-		'ldapOverrideMainServer' => false,
-		'ldapConfigurationActive' => false,
-		'ldapAttributesForUserSearch' => null,
-		'ldapAttributesForGroupSearch' => null,
-		'homeFolderNamingRule' => null,
-		'hasPagedResultSupport' => false,
-		'ldapExpertUsernameAttr' => null,
-		'ldapExpertUUIDUserAttr' => null,
 		'ldapExpertUUIDGroupAttr' => null,
-	);
 
 	/**
 	 * @brief Constructor
@@ -83,13 +50,14 @@ class Connection extends LDAPUtility {
 		parent::__construct($ldap);
 		$this->configPrefix = $configPrefix;
 		$this->configID = $configID;
+		$this->configuration = new Configuration($configPrefix);
 		$memcache = new \OC\Memcache\Factory();
 		if($memcache->isAvailable()) {
 			$this->cache = $memcache->create();
 		} else {
 			$this->cache = \OC_Cache::getGlobalCache();
 		}
-		$this->config['hasPagedResultSupport'] =
+		$this->hasPagedResultSupport =
 			$this->ldap->hasPagedResultSupport();
 	}
 
@@ -114,23 +82,21 @@ class Connection extends LDAPUtility {
 			$this->readConfiguration();
 		}
 
-		if(isset($this->config[$name])) {
-			return $this->config[$name];
+		if($name === 'hasPagedResultSupport') {
+			return $this->hasPagedResultSupport;
 		}
+
+		return $this->configuration->$name;
 	}
 
 	public function __set($name, $value) {
-		$changed = false;
-		//only few options are writable
-		if($name === 'ldapUuidUserAttribute' || $name === 'ldapUuidGroupAttribute') {
-			\OCP\Util::writeLog('user_ldap', 'Set config '.$name.' to  '.$value, \OCP\Util::DEBUG);
-			$this->config[$name] = $value;
+		$before = $this->configuration->$name;
+		$this->configuration->$name = $value;
+		$after = $this->configuration->$name;
+		if($before !== $after) {
 			if(!empty($this->configID)) {
-				\OCP\Config::setAppValue($this->configID, $this->configPrefix.$name, $value);
+				$this->configuration->saveConfiguration();
 			}
-			$changed = true;
-		}
-		if($changed) {
 			$this->validateConfiguration();
 		}
 	}
@@ -174,7 +140,7 @@ class Connection extends LDAPUtility {
 		if(!$this->configured) {
 			$this->readConfiguration();
 		}
-		if(!$this->config['ldapCacheTTL']) {
+		if(!$this->configuration->ldapCacheTTL) {
 			return null;
 		}
 		if(!$this->isCached($key)) {
@@ -190,7 +156,7 @@ class Connection extends LDAPUtility {
 		if(!$this->configured) {
 			$this->readConfiguration();
 		}
-		if(!$this->config['ldapCacheTTL']) {
+		if(!$this->configuration->ldapCacheTTL) {
 			return false;
 		}
 		$key = $this->getCacheKey($key);
@@ -201,110 +167,30 @@ class Connection extends LDAPUtility {
 		if(!$this->configured) {
 			$this->readConfiguration();
 		}
-		if(!$this->config['ldapCacheTTL']
-			|| !$this->config['ldapConfigurationActive']) {
+		if(!$this->configuration->ldapCacheTTL
+			|| !$this->configuration->ldapConfigurationActive) {
 			return null;
 		}
 		$key   = $this->getCacheKey($key);
 		$value = base64_encode(serialize($value));
-		$this->cache->set($key, $value, $this->config['ldapCacheTTL']);
+		$this->cache->set($key, $value, $this->configuration->ldapCacheTTL);
 	}
 
 	public function clearCache() {
 		$this->cache->clear($this->getCacheKey(null));
 	}
 
-	private function getValue($varname) {
-		static $defaults;
-		if(is_null($defaults)) {
-			$defaults = $this->getDefaults();
-		}
-		return \OCP\Config::getAppValue($this->configID,
-										$this->configPrefix.$varname,
-										$defaults[$varname]);
-	}
-
-	private function setValue($varname, $value) {
-		\OCP\Config::setAppValue($this->configID,
-									$this->configPrefix.$varname,
-									$value);
-	}
-
 	/**
-	 * Special handling for reading Base Configuration
-	 *
-	 * @param $base the internal name of the config key
-	 * @param $value the value stored for the base
-	 */
-	private function readBase($base, $value) {
-		if(empty($value)) {
-			$value = '';
-		} else {
-			$value = preg_split('/\r\n|\r|\n/', $value);
-		}
-
-		$this->config[$base] = $value;
-	}
-
-	/**
-	 * Caches the general LDAP configuration.
+	 * @brief Caches the general LDAP configuration.
+	 * @param $force optional. true, if the re-read should be forced. defaults
+	 * to false.
+	 * @return null
 	 */
 	private function readConfiguration($force = false) {
 		if((!$this->configured || $force) && !is_null($this->configID)) {
-			$v = 'getValue';
-			$this->config['ldapHost']       = $this->$v('ldap_host');
-			$this->config['ldapBackupHost'] = $this->$v('ldap_backup_host');
-			$this->config['ldapPort']       = $this->$v('ldap_port');
-			$this->config['ldapBackupPort'] = $this->$v('ldap_backup_port');
-			$this->config['ldapOverrideMainServer']
-				= $this->$v('ldap_override_main_server');
-			$this->config['ldapAgentName']  = $this->$v('ldap_dn');
-			$this->config['ldapAgentPassword']
-				= base64_decode($this->$v('ldap_agent_password'));
-			$this->readBase('ldapBase',       $this->$v('ldap_base'));
-			$this->readBase('ldapBaseUsers',  $this->$v('ldap_base_users'));
-			$this->readBase('ldapBaseGroups', $this->$v('ldap_base_groups'));
-			$this->config['ldapTLS']        = $this->$v('ldap_tls');
-			$this->config['ldapNoCase']     = $this->$v('ldap_nocase');
-			$this->config['turnOffCertCheck']
-				= $this->$v('ldap_turn_off_cert_check');
-			$this->config['ldapUserDisplayName']
-				= mb_strtolower($this->$v('ldap_display_name'), 'UTF-8');
-			$this->config['ldapUserFilter']
-				= $this->$v('ldap_userlist_filter');
-			$this->config['ldapGroupFilter'] = $this->$v('ldap_group_filter');
-			$this->config['ldapLoginFilter'] = $this->$v('ldap_login_filter');
-			$this->config['ldapGroupDisplayName']
-				= mb_strtolower($this->$v('ldap_group_display_name'), 'UTF-8');
-			$this->config['ldapQuotaAttribute']
-				= $this->$v('ldap_quota_attr');
-			$this->config['ldapQuotaDefault']
-				= $this->$v('ldap_quota_def');
-			$this->config['ldapEmailAttribute']
-				= $this->$v('ldap_email_attr');
-			$this->config['ldapGroupMemberAssocAttr']
-				= $this->$v('ldap_group_member_assoc_attribute');
-			$this->config['ldapIgnoreNamingRules']
-				= \OCP\Config::getSystemValue('ldapIgnoreNamingRules', false);
-			$this->config['ldapCacheTTL']    = $this->$v('ldap_cache_ttl');
-			$this->config['ldapUuidUserAttribute']
-				= $this->$v('ldap_uuid_user_attribute');
+			$this->configuration->readConfiguration();
 			$this->config['ldapUuidGroupAttribute']
 				= $this->$v('ldap_uuid_group_attribute');
-			$this->config['ldapOverrideUuidAttribute']
-				= $this->$v('ldap_override_uuid_attribute');
-			$this->config['homeFolderNamingRule']
-				= $this->$v('home_folder_naming_rule');
-			$this->config['ldapConfigurationActive']
-				= $this->$v('ldap_configuration_active');
-			$this->config['ldapAttributesForUserSearch']
-				= preg_split('/\r\n|\r|\n/', $this->$v('ldap_attributes_for_user_search'));
-			$this->config['ldapAttributesForGroupSearch']
-				= preg_split('/\r\n|\r|\n/', $this->$v('ldap_attributes_for_group_search'));
-			$this->config['ldapExpertUsernameAttr']
-				= $this->$v('ldap_expert_username_attr');
-			$this->config['ldapExpertUUIDUserAttr']
-				= $this->$v('ldap_expert_uuid_user_attr');
 			$this->config['ldapExpertUUIDGroupAttr']
 				= $this->$v('ldap_expert_uuid_group_attr');
 
@@ -313,124 +199,32 @@ class Connection extends LDAPUtility {
 	}
 
 	/**
-	 * @return returns an array that maps internal variable names to database fields
-	 */
-	private function getConfigTranslationArray() {
-		static $array = array(
-			'ldap_host'=>'ldapHost',
-			'ldap_port'=>'ldapPort',
-			'ldap_backup_host'=>'ldapBackupHost',
-			'ldap_backup_port'=>'ldapBackupPort',
-			'ldap_override_main_server' => 'ldapOverrideMainServer',
-			'ldap_dn'=>'ldapAgentName',
-			'ldap_agent_password'=>'ldapAgentPassword',
-			'ldap_base'=>'ldapBase',
-			'ldap_base_users'=>'ldapBaseUsers',
-			'ldap_base_groups'=>'ldapBaseGroups',
-			'ldap_userlist_filter'=>'ldapUserFilter',
-			'ldap_login_filter'=>'ldapLoginFilter',
-			'ldap_group_filter'=>'ldapGroupFilter',
-			'ldap_display_name'=>'ldapUserDisplayName',
-			'ldap_group_display_name'=>'ldapGroupDisplayName',
-			'ldap_tls'=>'ldapTLS',
-			'ldap_nocase'=>'ldapNoCase',
-			'ldap_quota_def'=>'ldapQuotaDefault',
-			'ldap_quota_attr'=>'ldapQuotaAttribute',
-			'ldap_email_attr'=>'ldapEmailAttribute',
-			'ldap_group_member_assoc_attribute'=>'ldapGroupMemberAssocAttr',
-			'ldap_cache_ttl'=>'ldapCacheTTL',
-			'home_folder_naming_rule' => 'homeFolderNamingRule',
-			'ldap_turn_off_cert_check' => 'turnOffCertCheck',
-			'ldap_configuration_active' => 'ldapConfigurationActive',
-			'ldap_attributes_for_user_search' => 'ldapAttributesForUserSearch',
-			'ldap_attributes_for_group_search' => 'ldapAttributesForGroupSearch',
-			'ldap_expert_username_attr' => 'ldapExpertUsernameAttr',
-			'ldap_expert_uuid_user_attr' => 'ldapExpertUUIDUserAttr',
 			'ldap_expert_uuid_group_attr' => 'ldapExpertUUIDGroupAttr',
-		);
-		return $array;
-	}
-
-	/**
 	 * @brief set LDAP configuration with values delivered by an array, not read from configuration
 	 * @param $config array that holds the config parameters in an associated array
 	 * @param &$setParameters optional; array where the set fields will be given to
 	 * @return true if config validates, false otherwise. Check with $setParameters for detailed success on single parameters
 	 */
 	public function setConfiguration($config, &$setParameters = null) {
-		if(!is_array($config)) {
-			return false;
+		if(is_null($setParameters)) {
+			$setParameters = array();
 		}
-
-		$params = $this->getConfigTranslationArray();
-
-		foreach($config as $parameter => $value) {
-			if(($parameter === 'homeFolderNamingRule'
-				|| (isset($params[$parameter])
-					&& $params[$parameter] === 'homeFolderNamingRule'))
-				&& !empty($value)) {
-				$value = 'attr:'.$value;
-			} else if (strpos($parameter, 'ldapBase') !== false
-				|| (isset($params[$parameter])
-					&& strpos($params[$parameter], 'ldapBase') !== false)) {
-				$this->readBase($params[$parameter], $value);
-				if(is_array($setParameters)) {
-					$setParameters[] = $parameter;
-				}
-				continue;
-			}
-		    if(isset($this->config[$parameter])) {
-				$this->config[$parameter] = $value;
-				if(is_array($setParameters)) {
-					$setParameters[] = $parameter;
-				}
-		    } else if(isset($params[$parameter])) {
-				$this->config[$params[$parameter]] = $value;
-				if(is_array($setParameters)) {
-					$setParameters[] = $params[$parameter];
-				}
-		    }
+		$this->configuration->setConfiguration($config, $setParameters);
+		if(count($setParameters) > 0) {
+			$this->configured = $this->validateConfiguration();
 		}
 
-		$this->configured = $this->validateConfiguration();
-
 		return $this->configured;
 	}
 
 	/**
-	 * @brief saves the current Configuration in the database
+	 * @brief saves the current Configuration in the database and empties the
+	 * cache
+	 * @return null
 	 */
 	public function saveConfiguration() {
-		$trans = array_flip($this->getConfigTranslationArray());
-		foreach($this->config as $key => $value) {
-			\OCP\Util::writeLog('user_ldap', 'LDAP: storing key '.$key.
-				' value '.print_r($value, true), \OCP\Util::DEBUG);
-			switch ($key) {
-				case 'ldapAgentPassword':
-					$value = base64_encode($value);
-					break;
-				case 'ldapBase':
-				case 'ldapBaseUsers':
-				case 'ldapBaseGroups':
-				case 'ldapAttributesForUserSearch':
-				case 'ldapAttributesForGroupSearch':
-					if(is_array($value)) {
-						$value = implode("\n", $value);
-					}
-					break;
-				case 'ldapIgnoreNamingRules':
-				case 'ldapOverrideUuidAttribute':
-				case 'ldapUuidUserAttribute':
+		$this->configuration->saveConfiguration();
 				case 'ldapUuidGroupAttribute':
-				case 'hasPagedResultSupport':
-					continue 2;
-			}
-			if(is_null($value)) {
-				$value = '';
-			}
-
-		    $this->setValue($trans[$key], $value);
-		}
 		$this->clearCache();
 	}
 
@@ -440,26 +234,181 @@ class Connection extends LDAPUtility {
 	 */
 	public function getConfiguration() {
 		$this->readConfiguration();
-		$trans = $this->getConfigTranslationArray();
-		$config = array();
-		foreach($trans as $dbKey => $classKey) {
-			if($classKey === 'homeFolderNamingRule') {
-				if(strpos($this->config[$classKey], 'attr:') === 0) {
-					$config[$dbKey] = substr($this->config[$classKey], 5);
-				} else {
-					$config[$dbKey] = '';
-				}
-				continue;
-			} else if((strpos($classKey, 'ldapBase') !== false
-						|| strpos($classKey, 'ldapAttributes') !== false)
-						&& is_array($this->config[$classKey])) {
-				$config[$dbKey] = implode("\n", $this->config[$classKey]);
-				continue;
+		$config = $this->configuration->getConfiguration();
+		$cta = $this->configuration->getConfigTranslationArray();
+		$result = array();
+		foreach($cta as $dbkey => $configkey) {
+			switch($configkey) {
+				case 'homeFolderNamingRule':
+					if(strpos($config[$configkey], 'attr:') === 0) {
+						$result[$dbkey] = substr($config[$configkey], 5);
+					} else {
+						$result[$dbkey] = '';
+					}
+					break;
+				case 'ldapBase':
+				case 'ldapBaseUsers':
+				case 'ldapBaseGroups':
+				case 'ldapAttributesForUserSearch':
+				case 'ldapAttributesForGroupSearch':
+					if(is_array($config[$configkey])) {
+						$result[$dbkey] = implode("\n", $config[$configkey]);
+						break;
+					} //else follows default
+				default:
+					$result[$dbkey] = $config[$configkey];
+			}
+		}
+		return $result;
+	}
+
+	//TODO remove if not necessary
+// 	public function getDefaults() {
+// 		return $this->configuration->getDefaults();
+// 	}
+
+	private function doSoftValidation() {
+		//if User or Group Base are not set, take over Base DN setting
+		foreach(array('ldapBaseUsers', 'ldapBaseGroups') as $keyBase) {
+		    $val = $this->configuration->$keyBase;
+			if(empty($val)) {
+				$obj = strpos('Users', $keyBase) !== false ? 'Users' : 'Groups';
+				\OCP\Util::writeLog('user_ldap',
+									'Base tree for '.$obj.
+									' is empty, using Base DN',
+									\OCP\Util::INFO);
+				$this->configuration->$keyBase = $this->configuration->ldapBase;
 			}
-			$config[$dbKey] = $this->config[$classKey];
 		}
 
-		return $config;
+		$groupFilter = $this->configuration->ldapGroupFilter;
+		if(empty($groupFilter)) {
+			\OCP\Util::writeLog('user_ldap',
+								'No group filter is specified, LDAP group '.
+								'feature will not be used.',
+								\OCP\Util::INFO);
+		}
+
+		$uuidOverride = $this->configuration->ldapExpertUUIDAttr;
+		if(!empty($uuidOverride)) {
+			$this->configuration->ldapUuidAttribute = $uuidOverride;
+		} else {
+			$uuidAttributes = array('auto', 'entryuuid', 'nsuniqueid',
+									'objectguid', 'guid');
+			if(!in_array($this->configuration->ldapUuidAttribute,
+						 $uuidAttributes)
+				&& (!is_null($this->configID))) {
+				$this->configuration->ldapUuidAttribute = 'auto';
+				$this->configuration->saveConfiguration();
+										'auto');
+				\OCP\Util::writeLog('user_ldap',
+									'Illegal value for the UUID Attribute, '.
+									'reset to autodetect.',
+									\OCP\Util::INFO);
+			}
+
+		}
+
+
+		$backupPort = $this->configuration->ldapBackupPort;
+		if(empty($backupPort)) {
+			$this->configuration->backupPort = $this->configuration->ldapPort;
+		}
+
+		//make sure empty search attributes are saved as simple, empty array
+		$sakeys = array('ldapAttributesForUserSearch',
+						'ldapAttributesForGroupSearch');
+		foreach($sakeys as $key) {
+			$val = $this->configuration->$key;
+			if(is_array($val) && count($val) === 1 && empty($val[0])) {
+				$this->configuration->$key = array();
+			}
+		}
+
+		if((stripos($this->configuration->ldapHost, 'ldaps://') === 0)
+			&& $this->configuration->ldapTLS) {
+			$this->configuration->ldapTLS = false;
+			\OCP\Util::writeLog('user_ldap',
+								'LDAPS (already using secure connection) and '.
+								'TLS do not work together. Switched off TLS.',
+								\OCP\Util::INFO);
+		}
+	}
+
+	private function doCriticalValidation() {
+		$configurationOK = true;
+		$errorStr = 'Configuration Error (prefix '.
+					strval($this->configPrefix).'): ';
+
+		//options that shall not be empty
+		$options = array('ldapHost', 'ldapPort', 'ldapUserDisplayName',
+						 'ldapGroupDisplayName', 'ldapLoginFilter');
+		foreach($options as $key) {
+			$val = $this->configuration->$key;
+			if(empty($val)) {
+				switch($key) {
+					case 'ldapHost':
+						$subj = 'LDAP Host';
+						break;
+					case 'ldapPort':
+						$subj = 'LDAP Port';
+						break;
+					case 'ldapUserDisplayName':
+						$subj = 'LDAP User Display Name';
+						break;
+					case 'ldapGroupDisplayName':
+						$subj = 'LDAP Group Display Name';
+						break;
+					case 'ldapLoginFilter':
+						$subj = 'LDAP Login Filter';
+						break;
+					default:
+						$subj = $key;
+						break;
+				}
+				$configurationOK = false;
+				\OCP\Util::writeLog('user_ldap',
+									$errorStr.'No '.$subj.' given!',
+									\OCP\Util::WARN);
+			}
+		}
+
+		//combinations
+		$agent = $this->configuration->ldapAgentName;
+		$pwd = $this->configuration->ldapAgentPassword;
+		if((empty($agent) && !empty($pwd)) || (!empty($agent) && empty($pwd))) {
+			\OCP\Util::writeLog('user_ldap',
+								$errorStr.'either no password is given for the'.
+								'user agent or a password is given, but not an'.
+								'LDAP agent.',
+				\OCP\Util::WARN);
+			$configurationOK = false;
+		}
+
+		$base = $this->configuration->ldapBase;
+		$baseUsers = $this->configuration->ldapBaseUsers;
+		$baseGroups = $this->configuration->ldapBaseGroups;
+
+		if(empty($base) && empty($baseUsers) && empty($baseGroups)) {
+			\OCP\Util::writeLog('user_ldap',
+								$errorStr.'Not a single Base DN given.',
+								\OCP\Util::WARN);
+			$configurationOK = false;
+		}
+
+		if(mb_strpos($this->configuration->ldapLoginFilter, '%uid', 0, 'UTF-8')
+		   === false) {
+			\OCP\Util::writeLog('user_ldap',
+								$errorStr.'login filter does not contain %uid '.
+								'place holder.',
+								\OCP\Util::WARN);
+			$configurationOK = false;
+		}
+
+		}
+		if(!empty($this->config['ldapExpertUUIDGroupAttr'])) {
+			$this->config['ldapUuidGroupAttribute'] = $this->config['ldapExpertUUIDGroupAttr'];
+		return $configurationOK;
 	}
 
 	/**
@@ -469,162 +418,21 @@ class Connection extends LDAPUtility {
 	private function validateConfiguration() {
 		// first step: "soft" checks: settings that are not really
 		// necessary, but advisable. If left empty, give an info message
-		if(empty($this->config['ldapBaseUsers'])) {
-			\OCP\Util::writeLog('user_ldap', 'Base tree for Users is empty, using Base DN', \OCP\Util::INFO);
-			$this->config['ldapBaseUsers'] = $this->config['ldapBase'];
-		}
-		if(empty($this->config['ldapBaseGroups'])) {
-			\OCP\Util::writeLog('user_ldap', 'Base tree for Groups is empty, using Base DN', \OCP\Util::INFO);
-			$this->config['ldapBaseGroups'] = $this->config['ldapBase'];
-		}
-		if(empty($this->config['ldapGroupFilter']) && empty($this->config['ldapGroupMemberAssocAttr'])) {
-			\OCP\Util::writeLog('user_ldap',
-				'No group filter is specified, LDAP group feature will not be used.',
-				\OCP\Util::INFO);
-		}
-		$uuidAttributes = array(
-			'auto', 'entryuuid', 'nsuniqueid', 'objectguid', 'guid');
-		$uuidSettings = array(
-						'ldapUuidUserAttribute' => 'ldapExpertUUIDUserAttr',
-						'ldapUuidGroupAttribute' => 'ldapExpertUUIDGroupAttr');
-		$cta = array_flip($this->getConfigTranslationArray());
-		foreach($uuidSettings as $defaultKey => $overrideKey) {
-			if( !in_array($this->config[$defaultKey], $uuidAttributes)
-				&& is_null($this->config[$overrideKey])
-				&& !is_null($this->configID)) {
-				\OCP\Config::setAppValue($this->configID,
-										$this->configPrefix.$cta[$defaultKey],
-										'auto');
-				\OCP\Util::writeLog('user_ldap',
-					'Illegal value for'.$defaultKey.', reset to autodetect.',
-					\OCP\Util::DEBUG);
-			}
-		}
+		$this->doSoftValidation();
 
-		if(empty($this->config['ldapBackupPort'])) {
-			//force default
-			$this->config['ldapBackupPort'] = $this->config['ldapPort'];
-		}
-		foreach(array('ldapAttributesForUserSearch', 'ldapAttributesForGroupSearch') as $key) {
-			if(is_array($this->config[$key])
-				&& count($this->config[$key]) === 1
-				&& empty($this->config[$key][0])) {
-				$this->config[$key] = array();
-			}
-		}
-		if((strpos($this->config['ldapHost'], 'ldaps') === 0)
-			&& $this->config['ldapTLS']) {
-			$this->config['ldapTLS'] = false;
-			\OCP\Util::writeLog('user_ldap',
-				'LDAPS (already using secure connection) and TLS do not work together. Switched off TLS.',
-				\OCP\Util::INFO);
-		}
-
-		//second step: critical checks. If left empty or filled wrong, set as unconfigured and give a warning.
-		$configurationOK = true;
-		if(empty($this->config['ldapHost'])) {
-			\OCP\Util::writeLog('user_ldap', 'No LDAP host given, won`t connect.', \OCP\Util::WARN);
-			$configurationOK = false;
-		}
-		if(empty($this->config['ldapPort'])) {
-			\OCP\Util::writeLog('user_ldap', 'No LDAP Port given, won`t connect.', \OCP\Util::WARN);
-			$configurationOK = false;
-		}
-		if((empty($this->config['ldapAgentName']) && !empty($this->config['ldapAgentPassword']))
-			|| (!empty($this->config['ldapAgentName']) && empty($this->config['ldapAgentPassword']))) {
-			\OCP\Util::writeLog('user_ldap',
-				'Either no password given for the user agent or a password is given, but no LDAP agent; won`t connect.',
-				\OCP\Util::WARN);
-			$configurationOK = false;
-		}
-		//TODO: check if ldapAgentName is in DN form
-		if(empty($this->config['ldapBase'])
-			&& (empty($this->config['ldapBaseUsers'])
-			&& empty($this->config['ldapBaseGroups']))) {
-			\OCP\Util::writeLog('user_ldap', 'No Base DN given, won`t connect.', \OCP\Util::WARN);
-			$configurationOK = false;
-		}
-		if(empty($this->config['ldapUserDisplayName'])) {
-			\OCP\Util::writeLog('user_ldap',
-				'No user display name attribute specified, won`t connect.',
-				\OCP\Util::WARN);
-			$configurationOK = false;
-		}
-		if(empty($this->config['ldapGroupDisplayName'])) {
-			\OCP\Util::writeLog('user_ldap',
-				'No group display name attribute specified, won`t connect.',
-				\OCP\Util::WARN);
-			$configurationOK = false;
-		}
-		if(empty($this->config['ldapLoginFilter'])) {
-			\OCP\Util::writeLog('user_ldap', 'No login filter specified, won`t connect.', \OCP\Util::WARN);
-			$configurationOK = false;
-		}
-		if(mb_strpos($this->config['ldapLoginFilter'], '%uid', 0, 'UTF-8') === false) {
-			\OCP\Util::writeLog('user_ldap',
-				'Login filter does not contain %uid place holder, won`t connect.',
-				\OCP\Util::WARN);
-			\OCP\Util::writeLog('user_ldap', 'Login filter was ' . $this->config['ldapLoginFilter'], \OCP\Util::DEBUG);
-			$configurationOK = false;
-		}
-
-		if(!empty($this->config['ldapExpertUUIDUserAttr'])) {
-			$this->config['ldapUuidUserAttribute'] = $this->config['ldapExpertUUIDUserAttr'];
-		}
-		if(!empty($this->config['ldapExpertUUIDGroupAttr'])) {
-			$this->config['ldapUuidGroupAttribute'] = $this->config['ldapExpertUUIDGroupAttr'];
-		}
-
-		return $configurationOK;
-	}
-
-	/**
-	 * @returns an associative array with the default values. Keys are correspond
-	 * to config-value entries in the database table
-	 */
-	static public function getDefaults() {
-		return array(
-			'ldap_host'                         => '',
-			'ldap_port'                         => '389',
-			'ldap_backup_host'                  => '',
-			'ldap_backup_port'                  => '',
-			'ldap_override_main_server'         => '',
-			'ldap_dn'                           => '',
-			'ldap_agent_password'               => '',
-			'ldap_base'                         => '',
-			'ldap_base_users'                   => '',
-			'ldap_base_groups'                  => '',
-			'ldap_userlist_filter'              => 'objectClass=person',
-			'ldap_login_filter'                 => 'uid=%uid',
-			'ldap_group_filter'                 => 'objectClass=posixGroup',
-			'ldap_display_name'                 => 'cn',
-			'ldap_group_display_name'           => 'cn',
-			'ldap_tls'                          => 1,
-			'ldap_nocase'                       => 0,
-			'ldap_quota_def'                    => '',
-			'ldap_quota_attr'                   => '',
-			'ldap_email_attr'                   => '',
-			'ldap_group_member_assoc_attribute' => 'uniqueMember',
-			'ldap_cache_ttl'                    => 600,
-			'ldap_uuid_user_attribute'          => 'auto',
+		//second step: critical checks. If left empty or filled wrong, set as
+		//unconfigured and give a warning.
+		return $this->doCriticalValidation();
 			'ldap_uuid_group_attribute'         => 'auto',
-			'ldap_override_uuid_attribute'		=> 0,
-			'home_folder_naming_rule'           => '',
-			'ldap_turn_off_cert_check'			=> 0,
-			'ldap_configuration_active'			=> 1,
-			'ldap_attributes_for_user_search'	=> '',
-			'ldap_attributes_for_group_search'	=> '',
-			'ldap_expert_username_attr'         => '',
-			'ldap_expert_uuid_user_attr'        => '',
 			'ldap_expert_uuid_group_attr'       => '',
-		);
 	}
 
+
 	/**
 	 * Connects and Binds to LDAP
 	 */
 	private function establishConnection() {
-		if(!$this->config['ldapConfigurationActive']) {
+		if(!$this->configuration->ldapConfigurationActive) {
 			return null;
 		}
 		static $phpLDAPinstalled = true;
@@ -632,29 +440,36 @@ class Connection extends LDAPUtility {
 			return false;
 		}
 		if(!$this->configured) {
-			\OCP\Util::writeLog('user_ldap', 'Configuration is invalid, cannot connect', \OCP\Util::WARN);
+			\OCP\Util::writeLog('user_ldap',
+								'Configuration is invalid, cannot connect',
+								\OCP\Util::WARN);
 			return false;
 		}
 		if(!$this->ldapConnectionRes) {
 			if(!$this->ldap->areLDAPFunctionsAvailable()) {
 				$phpLDAPinstalled = false;
 				\OCP\Util::writeLog('user_ldap',
-					'function ldap_connect is not available. Make sure that the PHP ldap module is installed.',
-					\OCP\Util::ERROR);
+									'function ldap_connect is not available. Make '.
+									'sure that the PHP ldap module is installed.',
+									\OCP\Util::ERROR);
 
 				return false;
 			}
-			if($this->config['turnOffCertCheck']) {
+			if($this->configuration->turnOffCertCheck) {
 				if(putenv('LDAPTLS_REQCERT=never')) {
 					\OCP\Util::writeLog('user_ldap',
 						'Turned off SSL certificate validation successfully.',
 						\OCP\Util::WARN);
 				} else {
-					\OCP\Util::writeLog('user_ldap', 'Could not turn off SSL certificate validation.', \OCP\Util::WARN);
+					\OCP\Util::writeLog('user_ldap',
+										'Could not turn off SSL certificate validation.',
+										\OCP\Util::WARN);
 				}
 			}
-			if(!$this->config['ldapOverrideMainServer'] && !$this->getFromCache('overrideMainServer')) {
-				$this->doConnect($this->config['ldapHost'], $this->config['ldapPort']);
+			if(!$this->configuration->ldapOverrideMainServer
+			   && !$this->getFromCache('overrideMainServer')) {
+				$this->doConnect($this->configuration->ldapHost,
+								 $this->configuration->ldapPort);
 				$bindStatus = $this->bind();
 				$error = $this->ldap->isResource($this->ldapConnectionRes) ?
 							$this->ldap->errno($this->ldapConnectionRes) : -1;
@@ -665,9 +480,10 @@ class Connection extends LDAPUtility {
 
 			//if LDAP server is not reachable, try the Backup (Replica!) Server
 			if((!$bindStatus && ($error !== 0))
-				|| $this->config['ldapOverrideMainServer']
+				|| $this->configuration->ldapOverrideMainServer
 				|| $this->getFromCache('overrideMainServer')) {
-					$this->doConnect($this->config['ldapBackupHost'], $this->config['ldapBackupPort']);
+					$this->doConnect($this->configuration->ldapBackupHost,
+									 $this->configuration->ldapBackupPort);
 					$bindStatus = $this->bind();
 					if(!$bindStatus && $error === -1) {
 						//when bind to backup server succeeded and failed to main server,
@@ -690,7 +506,7 @@ class Connection extends LDAPUtility {
 		$this->ldapConnectionRes = $this->ldap->connect($host, $port);
 		if($this->ldap->setOption($this->ldapConnectionRes, LDAP_OPT_PROTOCOL_VERSION, 3)) {
 			if($this->ldap->setOption($this->ldapConnectionRes, LDAP_OPT_REFERRALS, 0)) {
-				if($this->config['ldapTLS']) {
+				if($this->configuration->ldapTLS) {
 					$this->ldap->startTls($this->ldapConnectionRes);
 				}
 			}
@@ -702,7 +518,7 @@ class Connection extends LDAPUtility {
 	 */
 	public function bind() {
 		static $getConnectionResourceAttempt = false;
-		if(!$this->config['ldapConfigurationActive']) {
+		if(!$this->configuration->ldapConfigurationActive) {
 			return false;
 		}
 		if($getConnectionResourceAttempt) {
@@ -716,8 +532,8 @@ class Connection extends LDAPUtility {
 			return false;
 		}
 		$ldapLogin = @$this->ldap->bind($cr,
-										$this->config['ldapAgentName'],
-										$this->config['ldapAgentPassword']);
+										$this->configuration->ldapAgentName,
+										$this->configuration->ldapAgentPassword);
 		if(!$ldapLogin) {
 			\OCP\Util::writeLog('user_ldap',
 				'Bind failed: ' . $this->ldap->errno($cr) . ': ' . $this->ldap->error($cr),
diff --git a/apps/user_ldap/settings.php b/apps/user_ldap/settings.php
index f20bc19118..45d874eff0 100644
--- a/apps/user_ldap/settings.php
+++ b/apps/user_ldap/settings.php
@@ -37,7 +37,8 @@ $tmpl->assign('serverConfigurationPrefixes', $prefixes);
 $tmpl->assign('serverConfigurationHosts', $hosts);
 
 // assign default values
-$defaults = \OCA\user_ldap\lib\Connection::getDefaults();
+$config = new \OCA\user_ldap\lib\Configuration('', false);
+$defaults = $config->getDefaults();
 foreach($defaults as $key => $default) {
     $tmpl->assign($key.'_default', $default);
 }