Hi all, I'm having glacial progress with getting otrs (Debian) to authenticate with Active Directory. I've have trawled the archives and I'm still not even sure the setup I'm after can be done. I have a standard structure of OUs Customer and Agent account are distributed throughout the OUs I'd like to put Agents in a group to distinguish then from Customers The login IDs should be their samAccountName Group membership can be derived from the group attribute 'member' which contains users DNs. here's the config... $Self->{'AuthModule::LDAP::UID'} = 'samAccountName'; $Self->{'AuthModule::LDAP::GroupDN'} = 'cn=OTRS-Agents,ou=Groups,dc=domain,dc=local'; $Self->{'AuthModule::LDAP::AccessAttr'} = 'member'; $Self->{'AuthModule::LDAP::UserAttr'} = 'distinguishedname'; Looking at the log, it seems membership is being tested using the Login ID and failing. Jun 8 11:37:28 vm-helpdesk OTRS-CGI-10[13668]: [Notice][Kernel::System::Auth::LDAP::Auth] User: mjoyce authentication failed, no LDAP group entry foundGroupDN='cn=OTRS-Agents,ou=Groups,dc=domain,dc=local', Filter='(member=mjoyce)'! (REMOTE_ADDR: x.x.x.x). Have I misunderstood how this authentication process works ? Can anyone advise me ? Thanks Matt