the admin manual contains a section about extending the LDAP ACLs. It doesn’t include an example that matches your use case 1:1, but it should be enough to get you started.
Note that the LDAP server’s configuration file is created from template files. Therefore you cannot simply edit
/etc/ldap/slapd.conf as your changed would be overwritten subsequently. You’ll have to put your changes in a new sub-template file in
/etc/univention/templates/files/etc/ldap/slapd.conf.d. If you don’t know how to do that, I suggest reading this blog post I’ve written about that very topic which explains how it all works — where to put stuff, how to register your own (sub-)templates, how to regenerate the destination file from the templates. It’s only available in German for the time being, but judging from your user name that shouldn’t be a problem.
The ACL in question could look something like this (untested, suitable for the template file, not for the final LDAP server config):
access to dn="cn=contacts,cn=kopano,@%@ldap/base@%@"
by dn="uid=your-user,cn=users,@%@ldap/base@%@" write
by * +0 break