Hello, We have a site currently running Koha 3.6.0 against an LDAP (AD) server for authentication. On more than one occasion a borrower (different each time) has reported logging into their account with their login details but being presented with somebody else's account details. As you can imagine the site are very concerned about the security implications of this problem. I checked the session table (in case CGI::Session had generated 2 identical session id's, which should be impossible anyway) and cleared it down but it didn't take long for another user to report the problem. I will enable some more verbose logging on the LDAP connection but I am wondering if anyone else has ever experienced such a problem? Thanks Barry@oslo.ie http://www.oslo.ie