User allowed to read other users' passwords

Hello,
Is there a way, and if so which, to configure a user who is able to read other users' passwords? This user should not belong to the group “Domain Admins” but should be able to read userPassword and sambaNTPassword.
Thanks!

You could write a custom LDAP ACL which allows this: 3.3. LDAP-Verzeichnisdienst — Univention Corporate Server - Handbuch für Benutzer und Administratoren. There are also user password admins, which also have write permissions: 3.3. LDAP-Verzeichnisdienst — Univention Corporate Server - Handbuch für Benutzer und Administratoren