Hi, I'm having an interesting issue on OTRS 2.2.7 regarding the UserSyncLDAPGroupsDefination for agent logins. If I put in UserSyncLDAPGroupsDefination and configure it based on the FAQ http://faq.otrs.org/otrs/public.pl?Action=PublicFAQ&CategoryID=4&ItemID=219, the login errors out (though it does authenticate since a bad password will give the bad password message). If I comment out the UserSyncLDAPGroupsDefination section, then the login happens but of course without the LDAP-to-OTRS mapping. Going through the log messages, the error points to the code in Kernel/System/Auth/LDAP.pm around line 440. I found that if I comment out 3 lines in LDAP.pm: # system permissions my %PermissionsEmpty = (); # foreach (@{$Self->{ConfigObject}->Get('System::Permission'.$Self->{Count})}) { # $PermissionsEmpty{$_} = 0; # } # remove all group permissions then my UserSyncLDAPGroupsDefination works. I tried with usernames that aren't in the mapped group and OTRS treats it appropriately. So it looks like it works with the mod. My UserSyncLDAPGroupsDefination statement looks like (dc's replaced with bogus values) $Self->{'UserSyncLDAPGroupsDefination2'} = { 'cn=OTRS Admin,ou=Groups,dc=fake,dc=values' => { 'admin' => { rw => 1, }, } }; Is it something wrong with my UserSyncLDAPGroupsDefination statement? I'm not able to figure out yet what I've disabled by doing that but OTRS now maps people in that LDAP group to the OTRS admin group and no one else. Thanks! Terrill