Indeed, that was pretty much what I needed. Only caveat I found, is that OTRS by default filters on "memberUid" and AD uses "member". Quickly fixed by adding a similar directive as in the authentication part:

$Self->{'AuthSyncModule::LDAP::AccessAttr'} = 'member';

Thank you very much!

best regards

Jørn-Stian