diff --git a/src/app/Backends/LDAP.php b/src/app/Backends/LDAP.php
--- a/src/app/Backends/LDAP.php
+++ b/src/app/Backends/LDAP.php
@@ -980,6 +980,7 @@
 $entry['cn'] = $resource->name;
 $entry['owner'] = null;
 $entry['kolabinvitationpolicy'] = null;
+ $entry['acl'] = '';
 $settings = $resource->getSettings(['invitation_policy', 'folder']);
@@ -1008,13 +1009,11 @@
 } elseif (preg_match('/^manual:(\S+@\S+)$/', $settings['invitation_policy'], $m)) {
 if (self::getUserEntry($ldap, $m[1], $userDN)) {
 $entry['owner'] = $userDN;
+ $entry['acl'] = $m[1] . ', full';
 $entry['kolabinvitationpolicy'] = 'ACT_MANUAL';
 } else {
 $entry['kolabinvitationpolicy'] = 'ACT_ACCEPT';
 }
-
- // TODO: Set folder ACL so the owner can write to it
- // TODO: Do we need to add lrs for anyone?
 }
 }
 }
@@ -1165,7 +1164,7 @@
 $base_dn = self::baseDN($domainName, 'Resources');
 $attrs = ['dn', 'cn', 'mail', 'objectclass', 'kolabtargetfolder',
- 'kolabfoldertype', 'kolabinvitationpolicy', 'owner'];
+ 'kolabfoldertype', 'kolabinvitationpolicy', 'owner', 'acl'];
 // For resources we're using search() instead of get_entry() because
 // a resource name is not constant, so e.g. on update we might have
diff --git a/src/tests/Feature/Backends/LDAPTest.php b/src/tests/Feature/Backends/LDAPTest.php
--- a/src/tests/Feature/Backends/LDAPTest.php
+++ b/src/tests/Feature/Backends/LDAPTest.php
@@ -247,6 +247,7 @@
 'kolabtargetfolder' => 'shared/Resources/Test1@kolab.org',
 'kolabinvitationpolicy' => null,
 'owner' => null,
+ 'acl' => null,
 ];
 foreach ($expected as $attr => $value) {
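Review bot: The new default `$entry['acl'] = '';` uses an empty string where the two sibling defaults directly above it (`owner`, `kolabinvitationpolicy`) use `null`, and the test in this commit expects `acl` to read back as `null`. If the empty string is needed for the LDAP layer to drop the attribute, that deserves a one-line comment such as `// '' (not null) so a previously granted owner ACL is removed on update`; otherwise `$entry['acl'] = null;` would keep the three resets consistent. This matters because this line is the only thing that revokes the owner's access when the policy changes, so its intent should be obvious to the next editor. The enclosing function starts and ends outside the hunk.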
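Review bot: `$entry['acl'] = $m[1] . ', full';` grants the owner `full` rights, while the TODO this commit removes only asked that "the owner can write to it"; unless administering the folder is intended, a narrower rights set would follow least privilege, and the choice should be stated in a comment. The ACL subject is also the raw capture from `\S+@\S+`, which admits any non-whitespace character, including the `,` that separates subject from rights in the value being built. The preceding `getUserEntry()` lookup limits this to addresses that resolve to a user, but an explicit guard such as `if (str_contains($m[1], ',')) { /* skip ACL */ }`, or using the canonical address of the resolved user, would make the ACL line unambiguous. The removed question about `lrs` for anyone is dropped without a recorded answer. The `elseif` chain continues outside the hunk.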
@@ -266,6 +267,23 @@
 $expected['owner'] = 'uid=john@kolab.org,ou=People,ou=kolab.org,' . $root_dn;
 $expected['dn'] = 'cn=Te(\\3dść)1,ou=Resources,ou=kolab.org,' . $root_dn;
 $expected['cn'] = 'Te(=ść)1';
+ $expected['acl'] = 'john@kolab.org, full';
+
+ $ldap_resource = LDAP::getResource($resource->email);
+
+ foreach ($expected as $attr => $value) {
+ $ldap_value = isset($ldap_resource[$attr]) ? $ldap_resource[$attr] : null;
+ $this->assertEquals($value, $ldap_value, "Resource $attr attribute");
+ }
+
+ // Remove the invitation policy
+ $resource->setSetting('invitation_policy', '[]');
+
+ LDAP::updateResource($resource);
+
+ $expected['acl'] = null;
+ $expected['kolabinvitationpolicy'] = null;
+ $expected['owner'] = null;
 $ldap_resource = LDAP::getResource($resource->email);
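Review bot: The revocation check added here cannot tell a removed `acl` attribute from one left as an empty string, because `assertEquals` compares loosely and `null` equals `''` under it. Since the backend now writes `''` as the reset value, the removal case is better pinned with `$this->assertArrayNotHasKey('acl', $ldap_resource);` after `LDAP::updateResource($resource)`, or by switching the loop to `assertSame` if the other attributes allow it. The tests also never exercise the `manual:` policy with an address that does not resolve to a user, which is the branch where no ACL must be granted. A case asserting that `acl` and `owner` stay unset there would cover it.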