Hello all, We're currently using OTRS 1.3 at our office to support one of our large customers and we use LDAP for the customer user backend across a VPN to their AD server. This allows all their staff to track tickets they have submitted. It's been working very well up to now and we are really pleased with it. We've won some more large support contracts, and I've been asked to extend the coverage of our OTRS server to now include these new organisations. I'd like to use LDAP authentication over VPN again and understand that I can define multiple LDAP sources for customer info & auth backends, so on the face of it these new organisations should be able to use our OTRS without issue. However, I need to tie down the users to seeing only queues relevant to their own respective organisations, as we use queues to represent their offices for reporting. I understand that I need to use $Self->{CustomerGroupSupport} = 1; and 'customer groups' so that I can tie down the users to seeing only queues from their own organisations. What we need is, for example, if a user is authenticated via 'LDAP 1' then they should be in 'Group 1', while if your authenticated through 'LDAP 2' then you should be in 'Group 2'. I have looked at the $Self->{CustomerGroupAlwaysGroups} = ['users', 'info']; option but this seems to affect all users, rather than a dynamic subset of users. Can anyone suggest a solution? Thanks in advance -Nigel