michaelw84

OTRS agent and customer login via LDAP

Hello everyone,
I have added LDAP authentication for agents and customers to my OTRS. It works in principle, but not for the users who were already created as agents in the local OTRS database before LDAP authentication was enabled.

I hope someone can help me; I would like to avoid deleting the users from the database manually because of possible inconsistencies.

Here is my script.
#AGENT_Config---------------------------------------------------------------------------------------------------------------------------

# This is an example configuration for using an MS AD backend
    $Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
    $Self->{'AuthModule::LDAP::Host'} = '192.168.16.110';
    $Self->{'AuthModule::LDAP::BaseDN'} = 'dc=xxxxxxxx,dc=local';
    $Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';

    # Check if the user is allowed to auth in a posixGroup
    # (e. g. user needs to be in a group OTRS_Agents to use otrs)
    $Self->{'AuthModule::LDAP::GroupDN'} = 'CN=OTRS_Agents,OU=OTRS_Groups,OU=SecurityGroups,OU=xxxxxxxx,DC=xxxxxxxx,DC=local';
    $Self->{'AuthModule::LDAP::AccessAttr'} = 'member';
    $Self->{'AuthModule::LDAP::UserAttr'} = 'DN';

    # Bind credentials to log into AD
    $Self->{'AuthModule::LDAP::SearchUserDN'} = 'CN=LDAP SEARCH,OU=ServiceAccount,OU=xxxxxxxx,DC=xxxxxxxx,DC=local';
    $Self->{'AuthModule::LDAP::SearchUserPw'} = 'xxxxxxxx';

    # In case you want to always add one filter to each LDAP query, use
    # this option, e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
    $Self->{'AuthModule::LDAP::AlwaysFilter'} = '';

    # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
    $Self->{'AuthModule::LDAP::Params'} = {
        port    => 389,
        timeout => 120,
        async   => 0,
        version => 3,
    };

# Now sync data with OTRS DB
    $Self->{'AuthSyncModule'} = 'Kernel::System::Auth::Sync::LDAP';
    $Self->{'AuthSyncModule::LDAP::Host'} = '192.168.16.110';
    $Self->{'AuthSyncModule::LDAP::BaseDN'} = 'dc=xxxxxxxx,dc=local';
    $Self->{'AuthSyncModule::LDAP::UID'} = 'sAMAccountName';
    $Self->{'AuthSyncModule::LDAP::SearchUserDN'} = 'CN=LDAP SEARCH,OU=ServiceAccount,OU=xxxxxxxx,DC=xxxxxxxx,DC=local';
    $Self->{'AuthSyncModule::LDAP::SearchUserPw'} = 'xxxxxxxx';
    $Self->{'AuthSyncModule::LDAP::AccessAttr'} = 'member';
    $Self->{'AuthSyncModule::LDAP::UserAttr'} = 'DN';

    $Self->{'AuthSyncModule::LDAP::UserSyncMap'} = {
        # DB -> LDAP
        UserFirstname => 'givenName',
        UserLastname  => 'sn',
        UserEmail     => 'mail',
    };

    # AuthSyncModule::LDAP::UserSyncInitialGroups
    # (sync the following group with rw permission after the initial create
    # on the first agent login)
    $Self->{'AuthSyncModule::LDAP::UserSyncInitialGroups'} = [
        'users',
    ];

    # AuthSyncModule::LDAP::UserSyncGroupsDefinition
    # (If "LDAP" was selected for AuthModule and you want to sync LDAP
    # groups to otrs groups, define the following.)
    # Note: a hash key may appear only once. The original had the same LDAP
    # group DN listed twice; in Perl the second entry silently replaces the
    # first, so the rw/ro permissions would have been lost. All permissions
    # for the LDAP group are therefore collected in one entry here.
    $Self->{'AuthSyncModule::LDAP::UserSyncGroupsDefinition'} = {
        # ldap group
        'CN=OTRS_Agents,OU=OTRS_Groups,OU=SecurityGroups,OU=xxxxxxxx,DC=xxxxxxxx,DC=local' => {
            # otrs group
            'gr_Verwaltung' => {
                # permissions
                rw        => 1,
                ro        => 1,
                move_into => 1,
            },
        },
    };

#AGENT_Config_END-----------------------------------------------------------------------------------------------------------------------

#Customer_Config--------------------------------------------------------------------------------------------------------------------------

# Enable LDAP authentication for Customers / Users
    $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::LDAP';
    $Self->{'Customer::AuthModule::LDAP::Host'} = '192.168.16.110';
    $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'dc=xxxxxxxx,dc=local';
    $Self->{'Customer::AuthModule::LDAP::UID'} = 'sAMAccountName';

    # The following is valid but would only be necessary if the
    # anonymous user does NOT have permission to read from the LDAP tree
    $Self->{'Customer::AuthModule::LDAP::SearchUserDN'} = 'l.search@xxxxxxxx.local';
    $Self->{'Customer::AuthModule::LDAP::SearchUserPw'} = 'xxxxxxxx';

# CustomerUser
# (customer user database backend and settings)
    $Self->{CustomerUser} = {
        Module => 'Kernel::System::CustomerUser::LDAP',
        Params => {
            Host         => '192.168.16.110',
            BaseDN       => 'ou=Benutzer,ou=xxxxxxxx,dc=xxxxxxxx,dc=local',
            SSCOPE       => 'sub',
            UserDN       => 'l.search@xxxxxxxx.local',
            UserPw       => 'xxxxxxxx',
            # closing quote was missing in the original, which is a syntax error
            AlwaysFilter => '(objectclass=user)',
        },
        # customer unique id
        CustomerKey => 'sAMAccountName',
        # customer #
        CustomerID => 'mail',
        CustomerUserListFields => ['sAMAccountName', 'cn', 'mail'],
        CustomerUserSearchFields => ['sAMAccountName', 'cn', 'mail'],
        CustomerUserSearchPrefix => '',
        CustomerUserSearchSuffix => '*',
        CustomerUserSearchListLimit => 250,
        CustomerUserPostMasterSearchFields => ['mail'],
        CustomerUserNameFields => ['givenname', 'sn'],
        Map => [
            # note: Login, Email and CustomerID needed!
            # var, frontend, storage, shown, required, storage-type
            #[ 'UserSalutation', 'Title', 'title', 1, 0, 'var' ],
            [ 'UserFirstname', 'Firstname', 'givenname', 1, 1, 'var' ],
            [ 'UserLastname', 'Lastname', 'sn', 1, 1, 'var' ],
            [ 'UserLogin', 'Login', 'sAMAccountName', 1, 1, 'var' ],
            [ 'UserEmail', 'Email', 'mail', 1, 1, 'var' ],
            [ 'UserCustomerID', 'CustomerID', 'mail', 0, 1, 'var' ],
            [ 'UserPhone', 'Phone', 'telephonenumber', 1, 0, 'var' ],
            #[ 'UserAddress', 'Address', 'postaladdress', 1, 0, 'var' ],
            #[ 'UserComment', 'Comment', 'description', 1, 0, 'var' ],
        ],
    };

# Add the following lines when only users residing in the specified security group are allowed to log in
# Remove these lines if you want to provide login to all users specified in the User Base DN
# example: $Self->{'Customer::AuthModule::LDAP::BaseDN'} = 'ou=BaseOU, dc=example, dc=com';
    $Self->{'Customer::AuthModule::LDAP::GroupDN'} = 'CN=OTRS_Customers,OU=OTRS_Groups,OU=SecurityGroups,OU=xxxxxxxx,DC=xxxxxxxx,DC=local';
    $Self->{'Customer::AuthModule::LDAP::AccessAttr'} = 'member';
    # semicolon was missing in the original
    $Self->{'Customer::AuthModule::LDAP::UserAttr'} = 'DN';

#Customer_Config_END----------------------------------------------------------------------------------------------------------------------
Comment from moderator Dani on Aug 01, 2017 at 08:03:11:
Formatting added.
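What the posted settings make the server evaluate can be reasoned about offline. The following is an added illustration, not OTRS code or the poster's configuration: it emulates the GroupDN / AccessAttr=member / UserAttr=DN gate and the UserSyncMap attribute copy on constructed LDIF records (the `example` names and the attribute values are made up).

```python
"""Added example: emulate the OTRS LDAP group gate and UserSyncMap on LDIF.
Not OTRS code; the records below are constructed, not real directory data."""
from typing import Dict, List

# Constructed LDIF shaped like an AD group and a user entry (folded line included).
GROUP_LDIF = """\
dn: CN=OTRS_Agents,OU=OTRS_Groups,OU=SecurityGroups,OU=example,DC=example,DC=local
member: CN=Alice Agent,OU=Benutzer,OU=example,DC=example,DC=local
member: CN=Bob Builder,OU=Benutzer,OU=example,
 DC=example,DC=local
"""
USER_LDIF = """\
dn: CN=Alice Agent,OU=Benutzer,OU=example,DC=example,DC=local
sAMAccountName: a.agent
givenName: Alice
sn: Agent
mail: a.agent@example.local
"""

def parse_ldif(text: str) -> Dict[str, List[str]]:
    """Parse one LDIF record into attribute -> values, joining folded lines."""
    lines: List[str] = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # RFC 2849 continuation line
        elif raw.strip():
            lines.append(raw)
    attrs: Dict[str, List[str]] = {}
    for line in lines:
        key, _, value = line.partition(":")
        attrs.setdefault(key.strip().lower(), []).append(value.strip())
    return attrs

def dn_key(dn: str) -> str:
    """Normalise a DN: AD compares DN components case-insensitively, and the
    posted config mixes 'dc=' and 'DC=' spellings, so compare normalised."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def group_allows(group_ldif: str, user_dn: str, access_attr: str = "member") -> bool:
    """The AccessAttr/UserAttr=DN gate: is the user's DN among the group's members?"""
    members = parse_ldif(group_ldif).get(access_attr.lower(), [])
    return dn_key(user_dn) in {dn_key(m) for m in members}

def sync_user(user_ldif: str, sync_map: Dict[str, str]) -> Dict[str, str]:
    """Apply a UserSyncMap (OTRS field -> LDAP attribute); absent attributes
    become empty strings in this illustration."""
    attrs = parse_ldif(user_ldif)
    return {field: (attrs.get(ldap_attr.lower()) or [""])[0]
            for field, ldap_attr in sync_map.items()}
```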

Url: https://administrator.de/contentid/345060


Member: joehuaba
joehuaba Aug 01, 2017 at 08:00:17 (UTC)
Good morning :-)

Unfortunately it is not readable like this...


joe
Member: MichaelW84
MichaelW84 Aug 01, 2017 at 08:03:12 (UTC)
Thank you