Hi all, Perhaps someone can shed some light on this. I have scoured the net and forums pretty well.. I have a machine, Gentoo Linux running Apache (2.2.9) with PHP (5.2.5-p17) and Net::LDAP (perl-ldap-0.39). /etc/resolv.conf search subdomain.domain.tld nameserver 192.168.100.10 OTRS (2.3.3, tried 2.3.2 too, same result) is running as an Apache vhost. I have restarted Apache after config changes as suggested by someone who discovered that this is sometimes needed although it really shouldnt be.. I have configured OTRS to authenticate against a Windows 2K3 AD server, relevant(hopefully) config is as follows: $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP'; $Self->{'AuthModule::LDAP::Host'} = '192.168.100.10'; $Self->{'AuthModule::LDAP::BaseDN'} = 'ou=INTERNAL,dc=subdomain,dc=domain,dc=tld'; $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName'; $Self->{'AuthModule::LDAP::GroupDN'} = 'cn=otrs_users,cn=Users,dc=subdomain,dc=domain,dc=tld'; $Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=binddn_user,OU=Service Accounts,dc=subdomain,dc=domain,dc=tld'; $Self->{'AuthModule::LDAP::SearchUserPw'} = 'Mypa55word'; $Self->{'AuthModule::LDAP::Params'} = { port => 389, timeout => 120, async => 0, version => 3, }; $Self->{UserSyncLDAPMap} = { # DB -> LDAP UserFirstname => 'givenName', UserLastname => 'sn', UserEmail => 'mail', }; $Self->{UserSyncLDAPGroups} = [ 'users', ]; I left out the group filtering bits as I just want to get it working before trying to lock it down. Now, if I attempt to log in as a user in the INTERNAL OU (or any user for that matter), I get a failure: Login Failed! Your username or password was entered incorrectly. (I double checked the password, AD account is not locked out and is part of the otrs_users group which is in the Service Accounts OU) From: /var/log/otrs.log [Wed Dec 17 17:05:11 2008][Error][Kernel::System::Auth::LDAP::Auth][191] First bind failed! 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece A look at the AD Security logs says that the binddn_user is sucessfully authenticating/logging out but nothing much else. Any help much appreciated! Thanks. -- Regards, Andy Ashley.